Breach did not lead to any private key exposure or data loss.
The LockBit ransomware operation has been impacted by a data breach, resulting in the defacement of its admin panels.
According to Bleeping Computer, the defacement included a message with a link redirecting to an archive file, which was noticed by threat actor ‘Rey’ to have an SQL file from its affiliate panel's MySQL database.
The breach was confirmed by LockBit operator LockBitSupp, who said it did not lead to any private key exposure or data loss.
Additional analysis of the exposed database showed its inclusion of a "chats" table containing more than 4,000 LockBit negotiation conversations with its victims between December 19th and April 29th. A "btc_addresses" table with nearly 60,000 unique bitcoin addresses, and a "users" table detailing the ransomware gang's 75 admins and affiliates with affiliate panel access were detailed, along with "builds" and "builds_configuration" tables that feature individual affiliate-created builds and their respective configurations.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
