Skip to content
Support
Sign In Subscribe
Leaks

Amazon's Wickr Enterprise Admin API Access and Payment Keys Allegedly Leaked on Hacking Forum

 and  Dark Web Informer
10 min read
Breach Report United States flagUnited States Technology

Amazon's Wickr Enterprise Admin API Access and Payment Keys Allegedly Leaked on Hacking Forum

A threat actor using the alias Orcinusorca claims to have gained deep access to the production infrastructure of Wickr Enterprise, the AWS-owned secure enterprise messaging platform. In a post framed as a "leak," the actor shares what they describe as proof of access to the production Admin API (via CloudFront/Envoy) and says they obtained internal API keys and Braintree production payment keys. The evidence shown is a set of HTTP response headers and a small JSON snippet rather than a data dump. The claim is unverified, the evidence is limited, and Amazon/Wickr has not publicly addressed it.

ImpactAdmin API access
TypeAccess + key leak
CountryUnited States flagUnited States
ActorOrcinusorca

Post details

TargetWickr Enterprise (Amazon AWS)
CountryUnited States flagUnited States
SectorTechnology / Secure Messaging
ClaimProduction Admin API access + leaked keys
EvidenceResponse headers + JSON snippet
ObservedJun 11, 2026
Data dumpNone shown
ActorOrcinusorca (new account)

!What is claimed

  • Production Admin API access (claimed)
  • Internal API keys (claimed leaked)
  • Braintree production payment keys
  • AWS internal admin console reference
  • Envoy / CloudFront infrastructure detail
  • Secure enterprise messaging platform
  • No user-data dump shown
  • New, unproven forum account

Screenshot

Wickr Enterprise alleged admin API access Screenshot 1 Screenshot 1 Redacted preview

Potential impact

If genuine, access to the production Admin API of a secure enterprise messaging platform, together with leaked internal API keys and production payment-processing keys, would be a serious infrastructure compromise: payment keys could enable fraud, and admin-level access to a product marketed for confidential communications is especially sensitive given its enterprise and government user base. That said, the "proof" shown is limited to response headers and a short JSON snippet, which do not by themselves establish admin control; the account is brand-new, and the framing is grandiose. Claims of this kind are frequently exaggerated. If the access and keys are real the impact could be critical, but as presented it is unverified and warrants caution.

iStatus

Unverified

The actor posted response headers and a JSON snippet as "proof of access" on an underground forum; the leaked keys and any specific endpoint or host details are not reproduced here. We have not validated the access or the keys, and as a precaution any named keys should be treated as potentially compromised pending review. The claim has not been independently confirmed and Amazon/Wickr has not publicly addressed it.

Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Related

Latest