📢 Unlock Exclusive Cyber Threat Intelligence
Powered by DarkWebInformer.com
Get foundational access to breach intelligence — track breaches, leaks, and threats in real-time with unfiltered screenshots and expert summaries.
A threat actor using the alias mydocs is claiming to sell a database extracted from Casa Dorita, a hotel in Italy. The listing, shared on an open web forum, alleges that the data was exfiltrated via unauthorized access in June 2025. The dataset reportedly contains 2,300+ high-quality identity document scans of hotel guests.
📸 Note: Select screenshots are shown in this post.
Full claim URLs and high-resolution, unredacted screenshots are available exclusively via the private threat feeds for paid subscribers.
👉 Subscribe
🧾 Key Details
Field | Information |
---|---|
Victim Country | Italy 🇮🇹 |
Industry | Hospitality & Tourism |
Victim | Casa Dorita |
Website | casadorita.wbzak.net/it |
Category | Data Breach |
Severity | Medium |
Threat Actor | mydocs |
Network | Open Web |
Claim URL | Paid Subscribers check the threat feed |
🏨 Breach Overview
According to the post, the threat actor gained unauthorized access to Casa Dorita’s systems in June 2025 and exfiltrated a full customer document archive.
📂 Dataset Contents:
- 2,300+ high-quality scans/photos of guest identity documents
- Stored in JPG format
- Includes national ID cards, passports, and driver’s licenses
- Files appear to come from multiple countries (Italy, France, etc.)
💸 Sale Information
Field | Details |
---|---|
Price | $800 |
Contact | Telegram: @mydocs_cx |
📸 Screenshot Previews


Unredacted screenshots and full image set available to subscribers.
🧰 TTPs (MITRE Mapping)
Tactic | Technique ID | Technique Name |
---|---|---|
Initial Access | T1078 | Valid Accounts (or misconfigured access) |
Collection | T1119 | Automated Collection |
Exfiltration | T1041 | Exfiltration Over C2 Channel |
Credential Access | T1555 | Credentials from Web Browsers (if applicable) |
Impact | T1530 | Data from Information Repositories |
Note: Techniques inferred from the nature of the listing and type of data shown.
🧠 Final Thoughts
This leak underscores the growing risk to small and mid-sized hospitality providers handling sensitive guest data. With over 2,000 identity documents allegedly compromised, victims could be at risk of identity theft, fraud, and targeted phishing. Operators in the travel and lodging sector should urgently assess their access controls and offsite storage security.