A dark web actor, “xNov” has posted an alleged full WordPress database belonging to the University Center of Illizi, a public university in southern Algeria.
The actor claims the compromised data includes the entire content management system (CMS) structure, revealing critical components of the university’s website backend.
According to the threat actor, the breach occurred on November 1, 2025, and the leaked database contains numerous .csv files related to WordPress operations and plugin data.
The listed files include exports from:
- Action Scheduler and Depicter documents
- Fluent Forms submissions and entries
- Translation and metadata tables (wp_trp_original_meta, wp_trp_gettext_original_strings)
These files suggest that the compromise may have provided administrative-level access to the university’s website, exposing stored form submissions, internal configurations, and plugin data.
While there is no evidence yet of exposed credentials or user PII within the CSV list, the inclusion of form-related tables like wp_e_submissions.csv and wpforms_entry_meta.csv raises the possibility that student or staff contact details may have been included.
Potential Impact
If verified, this breach could expose:
- Backend credentials and CMS configurations vulnerable to re-use attacks.
- Student and administrative submission data, if captured through forms.
- Web infrastructure weaknesses, allowing further compromise of linked domains.
Such information could enable secondary exploitation, including website defacement, phishing infrastructure setup, or credential stuffing attacks across other Algerian educational platforms.
Disclaimer: This report is based on open-source intelligence (OSINT) and dark web monitoring. CyHawk Africa has not independently verified the authenticity of the claimed data. The report is intended solely for cybersecurity awareness and situational intelligence purposes.
Follow Updates: t.me/cyhawkafrica