Luca Stivali : 16 October 2025 08:03
A troubling discovery on the dark web reveals that access is being offered to thousands of MySQL databases linked to various Italian shared hosting providers. The finding surfaced in a forum post that explicitly mentions over 526,000 website backups and thousands of customer databases.
Details of the Breach
The post, titled “Italian hosting service sites – 9 more 40 servers – 526193 site’s backup – 4631 hosting customer – 6546 MySQL db’s,” indicates a vast dataset for sale. The seller, operating under the alias 010010, has a history on the platform dating back to 2018 and is asking for $1,000 in TRC20 cryptocurrency for the data dump, purportedly from Italian hosting infrastructures.
Accompanying screenshots illustrate the seriousness of the breach:
- A substantial SQL dump, approximately 1.33 GB, containing multiple files apparently named after different clients or environments.
- Complete access to MySQL databases, including sensitive information such as usernames and passwords stored in plaintext.
- Customer account details potentially belonging to both resellers and the end users of Italian web hosting services.
A particularly alarming detail is the seller’s promise to provide the phpMyAdmin root password, suggesting that access extends beyond mere data retrieval to full control of the database management system.
Understanding the Seller: Profile of “010010”
A preliminary analysis of the seller’s profile provides important insights:
- The username 010010 indicates a deliberate choice, signaling a technical background.
- The seller’s request for payment in USDT TRC20 and an interest in technical buyers denote a focus on professionals proficient in database management.
- Screenshots reveal the use of a Turkish operating system, implying a geographical link or identity clue about the seller.
- The files' timestamp of 10/14/2025 closely matches the posting date, suggesting real-time distribution of the data.
This evidence raises questions about the seller’s operational base, likely in a Turkish-speaking region, and reflects a typical profile of underground data vendors skilled in navigating the cybersecurity landscape.
The Vulnerability of Shared Hosting Services
While the specific hosting providers remain unidentified, the technical characteristics of the exposed data match patterns often seen in Italian shared hosting environments. Indicators include database names connected to client businesses and instances of multiple domains across numerous users.
The causes of such a breach usually stem from:
- Exposed administrative panels (like cPanel or Plesk) using weak or easily guessable passwords.
- Known vulnerabilities within common content management systems (such as WordPress and Joomla).
- Poor isolation between clients' data, potentially allowing widespread access from a single breach point.
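The third cause above can be checked directly on a shared MySQL server by reviewing account grants. The following is an added example, not code from the original article: it parses `SHOW GRANTS` output and flags accounts with server-wide privileges or access to another tenant's database. It assumes a cPanel-style convention in which each tenant's databases are named `<account>_<name>`; the sample grants and account names are constructed.

```python
import re

# Constructed sample: SHOW GRANTS output collected from a shared MySQL server.
SAMPLE_GRANTS = """\
GRANT USAGE ON *.* TO `acme`@`localhost`
GRANT ALL PRIVILEGES ON `acme\\_shop`.* TO `acme`@`localhost`
GRANT USAGE ON *.* TO `bravo`@`localhost`
GRANT SELECT, INSERT ON `bravo\\_wp`.* TO `bravo`@`localhost`
GRANT SELECT ON `acme\\_shop`.* TO `bravo`@`localhost`
GRANT ALL PRIVILEGES ON *.* TO `panel`@`%` WITH GRANT OPTION
GRANT SELECT, FILE ON *.* TO `charlie`@`localhost`
"""

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`']?(?P<user>[^`'@]+)[`']?@[`']?(?P<host>[^`'\s]+)",
    re.IGNORECASE,
)

def audit_grants(text, system_accounts=("root",)):
    """Return (account, kind, detail) for grants that break tenant isolation.

    Assumption: each tenant's databases are named '<account>_<name>'.
    """
    findings = []
    for line in text.splitlines():
        m = GRANT_RE.match(line.strip())
        if not m or m["user"] in system_accounts:
            continue
        privs = sorted(p.strip().upper() for p in m["privs"].split(","))
        if privs == ["USAGE"]:          # USAGE means "no privileges"
            continue
        account = f'{m["user"]}@{m["host"]}'
        # SHOW GRANTS may quote the name and escape "_" as "\_"; normalise both.
        db = m["scope"].split(".")[0].replace("`", "").replace("\\", "")
        if db == "*":                   # server-wide grant: reaches every tenant
            findings.append((account, "global", ", ".join(privs)))
        elif not db.startswith(m["user"] + "_"):
            findings.append((account, "cross-tenant", db))
    return findings

if __name__ == "__main__":
    for account, kind, detail in audit_grants(SAMPLE_GRANTS):
        print(f"{account:20} {kind:13} {detail}")
```

Any `global` finding on a non-administrative account, and any `cross-tenant` finding at all, means one compromised site login can read data belonging to other customers.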
A Looming Threat to Italian Businesses
If the data is confirmed as authentic, the fallout could be significant. The databases for sale reportedly contain:
- Customer account data
- Passwords
- Domain registration codes
- Complete website backups
The ramifications of this data being exploited include:
- Digital identity theft with potential website cloning.
- Unauthorized access to critical account management areas.
- Infection through supply chain vulnerabilities, allowing the injection of malware.
- Secondary attacks targeting customers linked to the compromised hosting services.
Forums like the one where this data is being sold serve as significant black markets for compromised data and credentials. This highlights the ongoing vulnerabilities in the shared hosting sector, particularly in Italy. The asking price of $1,000 for such extensive access contrasts starkly with the severe risks facing countless businesses.
Red Hot Cyber continues to track the implications of this data breach and its connections to prominent hosting providers in Italy. The situation underscores the precariousness of security in shared hosting environments that manage numerous websites daily.