A threat actor using the alias el_farado has published a large volume of sensitive data allegedly stolen from Nigerian fintech platform Oxygenapp.co. The post, which surfaced on a dark web forum on June 2, 2025, includes database files and identity documents belonging to thousands of users.
According to the actor, the leaked database contains:
- 47,000+ account records
- 23,000+ buyer records
- 11,000+ customer profiles
- 9,000+ borrower entries
- Additional financial data stored in
helppo_pay_requests.csv(11MB)
A screenshot from the shared sample folder shows files titled accounts.csv, buyers.csv, customers.csv, borrowers.csv, and helppo_pay_requests.csv, suggesting the data is structured and organized for bulk exploitation.
Beyond the spreadsheets, the actor also included KYC documents, proof of address, personal videos of the customers, passport-style ID photos, and NIN slips—raising serious concerns about identity theft and fraudulent financial activities.