Incident Overview

A threat actor using the handle "powder12" is offering unauthorized root SSH access to a US-based tax service server. The compromised system is described as a public website and client portal service that collects and stores sensitive client and family tax data for case processing. The company has been operating for over 15 years.

• Service Type: Public website and client portal for tax case management
• Company Operations: 15+ years in business
• Primary Function: Collect client and family data/documents for tax cases, organize information, connect with responsible advisers, and prepare tax returns for submission
• Data Collection: Questionnaires, Social Security Numbers (SSN), income records, addresses, supporting files
• Database Access: All collected tax information stored in database accessible to admins/advisers for processing and preparing tax returns
• Access Type: SSH access with root privileges via provided user account
• Secondary Access: Server accessible via VNC (Virtual Network Computing)
• Database Status: Database not thoroughly examined by seller ("didn't look good, didn't check, I give it back as it is")
• Pricing: 3k$ (approximately $3,000 USD)