Hacker Leaks Database Info of Security Firm in Act of Revenge


A US-based security firm has become the latest victim of a cyberattack orchestrated by a hacker in act of revenge.

The hacker, calling himself NightLion, claimed to have stolen over 8000 databases from the cyber security firm’s DataViper, a data leak monitoring service, after breaching the DataViper’s backend.


In an email sent to several security reporters on Monday, the hacker provided a link to a dark web portal where information about the hack was posted.

Hacker Leaks Database in Act of Revenge

The attack was believed to be an act of revenge against Vinny Toia, a NightLion Security researcher, who is set to reveal the identity of different notorious hacking groups, including Shiny Hunters, Gnostic Players, #TheDarkOverlord, and more, via a virtual conference on Wednesday.


On the dark web portal, the hacker revealed to have spent three months on the DataViper, which contained databases that Troia had indexed containing information on billions of users impacted by past security breaches.

Among those posted on the hacker’s portal included the full list of 8,225 databases stolen by the hacker, a list of 482 downloadable JSON files providing samples of the stolen data, and proof of access to the DataViper’s backend.

In a statement to ZDNet, Toia wrote:

“When people think they are above the law, they get sloppy. So much so they forget to look at their own historical mistakes. I literally detailed an entire scenario in my book where I allowed them to gain access to my web server in order to get their IPs. They haven’t learned. All they had access to was a dev environment. Much like the grey Microsoft hack which they recently took credit for, all they had was some source code that turned out to be nothing special, but they hyped it anyway hoping to get people’s attention. These are the actions of scared little boys pushed up against a wall facing the loss of their freedom.”

According to him, the hacker indeed gained access to one of the DataViper servers. However, he clarified that the impacted server was simply a test instance.

“Troia told ZDNet that he believes the hacker is actually selling their own databases, rather than any information they stole from his server,” ZDNet noted.

The only news site also wrote that the researcher believes the hacker is likely “associated with several hacking groups such as TheDarkOverlord, ShinyHunters, and GnosticPlayers.”