Multiple Database Leak Claims Involve JobsGO, MyVete, PIXPAY, and Fondasol

Introduction to Malware Binary Triage (IMBT) Course

Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.

SOCRadar’s Dark Web Team identified multiple new data leak claims this week involving recruitment, veterinary, payment, and engineering platforms. Posts alleged database exposures affecting Vietnam-based JobsGO, veterinary management platform MyVete, Senegalese payment service PIXPAY, and France-based Groupe Fondasol. The claimed datasets range from CV and personal records to API credentials and employee metadata.

Receive a Free Dark Web Report for Your Organization:

Alleged Database of JobsGo is Leaked

SOCRadar Dark Web Team detected a threat actor post on a dark web forum alleging a database leak involving JobsGO, an online recruitment service operating in Vietnam. The threat actor claims the incident occurred in early January 2026 and exposed approximately 2.3 million records.

According to the post, the compromised data allegedly includes personal and professional information such as full names, gender details, dates of birth, job titles, employer information, physical addresses, education records, and raw CV content. Samples were shared to support the claim.

From a threat perspective, the exposure of CVs and structured personal data increases the risk of targeted phishing, recruitment fraud, and identity abuse. While the breach claim has not been independently verified, datasets of this nature are commonly used in social engineering campaigns rather than for immediate technical exploitation.

Alleged Database of MyVete is Leaked

SOCRadar Dark Web Team detected a threat actor post on a dark web forum alleging a database leak involving MyVete, a platform used by veterinary clinics to manage patient records, appointments, billing, and operational workflows. The post claims the data dump is dated January 12, 2026.

According to the listing, the alleged dataset contains approximately 5.57 million records with a total size of around 30 GB. The threat actor states that the data will be offered for sale if a ransom demand of $100,000 is not met by January 30, 2026.

Alleged Database of PIXPAY is Leaked

SOCRadar Dark Web Team detected a threat actor post on a dark web forum alleging a database leak involving PIXPAY, a payment-related platform operating in Senegal. The post claims the dataset contains payment API–related material.

According to the listing, the exposed data allegedly includes JWT tokens, API keys, access tokens, database credentials, and other related information. The threat actor attributes the activity to the LAPSUS$ name, presenting the claim as a statement of responsibility rather than providing independent verification.

Alleged Database of Groupe Fondasol is Leaked

SOCRadar Dark Web Team detected a threat actor post on a dark web forum alleging the leak of an employee database belonging to Groupe Fondasol. The post claims the dataset is shared as a complete CSV file and relates to employee information dated 2026.

According to the forum listing, the data allegedly covers records for 888 employees and includes structured fields such as names, email addresses, job titles, roles, locations, phone numbers, internal identifiers, access tokens, and system-related metadata. Password fields are present but described as hidden. Sample data was shared to support the claim.

From a threat perspective, even with passwords obscured, the exposure of detailed employee and access-related metadata may enable targeted phishing, internal reconnaissance, or follow-on social engineering against the organization.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.

Article Link: https://socradar.io/blog/jobsgo-myvete-pixpay-fondasol-database-leak/

1 post - 1 participant

Read full topic

Malware Analysis, News and Indicators - Latest topics