Skip to content
Tips
Support
Sign In Subscribe
Leaks

Colombian Poultry Company Avícola El Madroño Allegedly Breached, 860MB of Data Leaked

 and  Dark Web Informer
10 min read
Breach Report Colombia flagColombia Food / Retail

Colombian Poultry Company Avícola El Madroño Allegedly Breached, 860MB of Data Leaked

A threat actor using the alias Saturne has posted what they describe as an 860MB data leak from Avícola El Madroño S.A. (avicolaelmadrono.com), a Colombian poultry and prepared-foods company based in Bucaramanga, and is sharing it for free. Alongside the data, the actor published a write-up claiming they reached it through a series of basic security failures, including publicly exposed, unauthenticated diagnostic and backup interfaces, enabled directory listings, an open file-upload form, and database administration panels accessible with default or weak credentials. Per the post, the exposed data includes accounting and payment records with people's names and ID numbers, customer files, and user-account tables, with application passwords stored as weak MD5 hashes. The dataset's authenticity and scope are unverified.

Data860MB
AccessFree leak
CountryColombia flagColombia
ActorSaturne

Post details

TargetAvícola El Madroño S.A. (avicolaelmadrono.com)
CountryColombia flagColombia (Bucaramanga)
SectorFood / Retail (poultry)
Claim860MB of database and files leaked
DataPII, payment records, credential hashes
VectorExposed services + default/weak credentials
FreshnessJun 2026
Observed

!Allegedly included

  • 860MB of data (claimed)
  • Names & ID numbers
  • Payment / accounting records
  • Customer / client files
  • User-account tables
  • App passwords (MD5 hashes)
  • Database account hashes
  • Misconfigured infrastructure

Screenshot(s)

Avicola El Madrono data breach forum post screenshot, June 2026 (1 of 2) Screenshot 1 Redacted preview Avicola El Madrono data breach forum post screenshot, June 2026 (2 of 2) Screenshot 2 Redacted preview

Potential impact

This breach is serious because it reportedly combines customer and accounting PII with credential material and a full compromise of the company's database environment. The exposed records are said to include names, ID numbers, and payment amounts from accounting files, customer data, and user-account tables, which together enable identity theft, fraud, and targeted phishing against the company's customers and staff. The exposure of database account hashes and application passwords stored as weak MD5 hashes is especially concerning, since MD5 can often be cracked quickly, potentially handing attackers reusable credentials and deeper access. The actor's account also indicates the underlying infrastructure was extensively misconfigured, which raises the risk of repeat or copycat intrusions until the issues are fixed. To avoid aiding further attacks, this report does not reproduce the specific systems, credentials, addresses, file paths, or exploitation steps described in the post. The authenticity and scope are unverified.

iStatus

Unverified

The actor published an intrusion narrative, a file listing, multiple download mirrors, and a contact handle; none of the exploitation specifics, internal system details, credentials, download links, or the actor's contact channel are reproduced here. This is the same alias behind other recent European and Latin American website leaks. The claim has not been independently confirmed and Avícola El Madroño has not publicly addressed it. Given the misconfigurations described, the company should treat all exposed credentials as compromised and urgently review its public-facing infrastructure.

Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Related

Latest