📢 Unlock Exclusive Cyber Threat Intelligence
Powered by DarkWebInformer.com
Get foundational access to breach intelligence — track breaches, leaks, and threats in real-time with unfiltered screenshots and expert summaries.
🏢 About the Victim
The Public Service Commission of Malaysia (SPA) and the Department of Environment Malaysia (DOE) are key government agencies responsible for civil service administration and environmental regulation, respectively.
⚠ Disclaimer
This report includes actual screenshots and/or text that may contain unredacted personally identifiable information (PII).
Dark Web Informer does not endorse unauthorized access or distribution of such content.
This report is for cybersecurity awareness and threat intelligence purposes only.
📌 Overview
On July 28, 2025, the actor Arikos published a post offering for sale a massive trove of sensitive data allegedly sourced from Malaysian government websites — specifically spa.gov.my and doe.gov.my. The listing advertises more than 24 GB of data including names, dates of birth, phone numbers, emails, and hashed passwords, reportedly covering over 2.2 million user records.
The actor is offering exclusive access for $1,000 USD and claims the data spans multiple tables with detailed citizen information.
📊 Key Details
| Attribute | Information |
|---|---|
| Date | 2025-07-28, 09:02:48 AM |
| Threat Actor | Arikos |
| Victim Country | 🇲🇾 Malaysia |
| Industry | Government Administration |
| Victim Org. | Public Service Commission of Malaysia, Dept. of Environment |
| Victim Site | spa.gov.my, doe.gov.my |
| Category | Data Breach |
| Severity | High |
| Network | Tor |
Subscriber-only content…
![IOC Alert: Lumma Stealer C2 Domain Identified – larpfxs[.]top](/content/images/size/w1304/format/webp/2025/08/23985762398576198764252-1.jpg)
