The infamous LockBit ransomware gang has, ironically, become the victim of a data breach itself. Hackers compromised LockBit’s affiliate management panels on the dark web, replacing them with a message: “Don’t commit crimes. Crimes are bad. Greetings from Prague”, alongside a download link to a leaked MySQL database dump.

The leak, first spotted by threat actor Rey and analyzed by BleepingComputer, exposes over 60,000 unique Bitcoin addresses, malware build configurations, victim negotiation messages, and a user list containing 75 admins and affiliates. Shockingly, passwords were stored in plain text, with usernames like Weekendlover69 and Lockbitproud231.

The breach occurred on April 29, 2025, possibly through exploitation of a PHP 8.1.2 vulnerability (CVE-2024-4577). Interestingly, the hacker’s message mimics one seen during a recent breach of the Everest ransomware group, hinting at a possible link.

LockBit’s operator has confirmed the breach but claimed no private keys or sensitive data were lost. This marks another blow for LockBit following 2024’s Operation Cronos crackdown.
