Leaked “Blacklist” and Hacker Message on Doxbin (vx-underground)
Hackers from the Tooda group have claimed responsibility for breaching the doxing platform Doxbin. According to vx-underground, the attackers wiped all user accounts and locked administrators out of the system.
The conflict between Tooda and Doxbin’s administration erupted after one of the platform’s members was publicly accused of pedophilia. In retaliation, the hackers not only erased the entire database but also threatened to leak confidential user data. Reports indicate they now possess 136,814 records, including user IDs, usernames, and email addresses.
One of the most devastating blows was the publication of a “blacklist”—a roster of individuals who had previously paid to have their data removed from Doxbin. This breach effectively shattered any hopes of maintaining anonymity for those users.
Among the leaked materials was information about a Doxbin administrator known as River, whom the hackers identified as Paula, a 20-year-old Romanian woman. The file contained her personal details along with a warning, demanding she step down from Doxbin.
However, doubts soon emerged regarding Tooda’s claims. According to vx-underground sources, there was no actual system breach—the hackers had likely only obtained administrator login credentials, granting them temporary control over the site. Moreover, the “blacklist” data had reportedly been circulating in private forums for some time, and the Doxbin user database may have already been compromised prior to the attack. As of now, Doxbin remains offline, and Tooda’s Telegram channel has been deleted.
This attack underscores the vulnerability of even platforms like Doxbin to rival factions. Now, former users find themselves in the very predicament they once inflicted on others—their personal information can now be weaponized against them. At the same time, the Tooda incident highlights the importance of verifiable proof in cyberattacks, rather than relying solely on the bold claims of attackers.
