Dark Web Informer - Cyber Threat Intelligence

Alleged Data Breach of Casa Dorita Hotel in Italy


A threat actor using the alias mydocs is claiming to sell a database extracted from Casa Dorita, a hotel in Italy. The listing, shared on an open web forum, alleges that the data was exfiltrated via unauthorized access in June 2025. The dataset reportedly contains 2,300+ high-quality identity document scans of hotel guests.

📸 Note: Select screenshots are shown in this post.

🧾 Key Details

| Field | Information |
| --- | --- |
| Victim Country | Italy 🇮🇹 |
| Industry | Hospitality & Tourism |
| Victim | Casa Dorita |
| Website | casadorita.wbzak.net/it |
| Category | Data Breach |
| Severity | Medium |
| Threat Actor | mydocs |
| Network | Open Web |
| Claim URL | Paid Subscribers check the threat feed |

🏨 Breach Overview

According to the post, the threat actor gained unauthorized access to Casa Dorita’s systems in June 2025 and exfiltrated a full customer document archive.

📂 Dataset Contents:

  • 2,300+ high-quality scans/photos of guest identity documents
  • Stored in JPG format
  • Includes national ID cards, passports, and driver’s licenses
  • Files appear to come from multiple countries (Italy, France, etc.)

💸 Sale Information

| Field | Details |
| --- | --- |
| Price | $800 |
| Contact | Telegram: @mydocs_cx |

🧰 TTPs (MITRE Mapping)

| Tactic | Technique ID | Technique Name |
| --- | --- | --- |
| Initial Access | T1078 | Valid Accounts (or misconfigured access) |
| Collection | T1119 | Automated Collection |
| Exfiltration | T1041 | Exfiltration Over C2 Channel |
| Credential Access | T1555 | Credentials from Web Browsers (if applicable) |
| Impact | T1530 | Data from Information Repositories |

Note: Techniques inferred from the nature of the listing and type of data shown.


🧠 Final Thoughts

This leak underscores the growing risk to small and mid-sized hospitality providers handling sensitive guest data. With over 2,000 identity documents allegedly compromised, victims could be at risk of identity theft, fraud, and targeted phishing. Operators in the travel and lodging sector should urgently assess their access controls and offsite storage security.
