A threat actor operating under the alias Cracked has listed a database allegedly dumped from the South African domain sadsaa-cof.co.za for sale on an underground forum.
The actor claims the leak is a phpMyAdmin dump containing:
- 106MB uncompressed / 19.5MB compressed data
- 70,000 records with email addresses
- 592,000 total lines of data
- Personal and contact information, including names, phone numbers, addresses, and emails
The sample posted contained names, identification numbers, phone numbers, physical addresses, and other sensitive fields. The threat actor states the database was dumped on June 3rd, 2025.
If legitimate, this leak exposes thousands of South African individuals and businesses to:
- Phishing campaigns
- Identity theft
- Targeted scams using detailed personal and contact information