TUI

📱 Saving a phone number first can hide useful Telegram OSINT clues A lot of people save the number to their contacts first 😅 I’d avoid doing that. When you save a number, Telegram may show the name you added in your contacts instead of the person’s actual Telegram details. So you can overwrite useful info before you’ve even started. Try this instead 👇 ✅ Go to: https://t.co/GOO90SHmaC Example: https://t.co/l9EWvIau4W If the number is tied to a Telegram account and the profile is visible, Telegram should open it. You don’t need to save the contact first. You don’t overwrite the original details. The username stays visible if it’s public. Small step, but it has saved me from losing useful identity clues more than once 🕵️‍♂️ Have you used this before? Let me know in the comments 👇 __________ P.S. ♻️ Repost if you found this helpful.

🇮🇩 Indonesia - Bank Jatim - A threat actor is advertising an alleged database linked to Bank Jatim's mobile banking platform, claiming access to approximately 5.7 million records. According to the listing, the exposed data may include: * Full names * Indonesian National Identity Numbers (NIK) * Dates and places of birth * Gender information * Education details * Professional information * Phone numbers * Additional banking-related identifiers The post includes a sample structure allegedly containing customer demographic and personal information. Daily Dark Web has not independently verified the authenticity of the claims or the source of the data. Analyst Note: Financial-sector datasets are among the most valuable assets traded in cybercriminal communities due to their potential use in identity theft, account takeover attempts, financial fraud, social engineering, and targeted phishing campaigns. If authentic, the exposure of national identity numbers combined with personal information would significantly increase the risk to affected individuals. #DDW #Intelligence #DarkWeb #Indonesia

🇮🇩 A threat actor on an underground forum is claiming to have leaked a database allegedly associated with “DPR-RI” — Indonesia’s House of Representatives. According to the forum post, the allegedly exposed dataset contains fields including: • National identity numbers • Full names • Gender information • Place and date of birth • Addresses and regional location data • Phone numbers • Religious affiliation identifiers • Education-related fields • Ethnicity/language-related fields The actor also appears to be distributing the data publicly through downloadable links. At this stage: • The claims remain unverified • No official confirmation has been publicly issued • The source, freshness, and authenticity of the alleged dataset remain unknown If legitimate, the exposure of this type of information could create significant privacy and national security concerns due to the sensitivity of: • Government-linked citizen data • National identity records • Demographic profiling information • Location and contact details Potential risks may include: • Identity theft and fraud • SIM swap and phishing attacks • Political targeting or social engineering • Large-scale profiling operations • Disinformation or influence campaigns • Credential recovery abuse using identity metadata Particularly concerning elements include: • National identity numbers • Religious and demographic attributes • Full geographic information tied to individuals These categories are highly valuable for: • Financial fraud actors • Intelligence collection • Criminal marketplaces • Targeted impersonation campaigns It is also important to note: • Underground forums frequently recycle older government datasets • “Government breach” branding is sometimes exaggerated for visibility • Publicly posted samples alone do not independently verify a full compromise However, government-related identity datasets remain among the most sought-after assets on underground forums because of their long-term operational value. Organizations and agencies potentially affected should: • Validate whether the data is authentic and current • Monitor for abuse of identity information • Review access logs and exposed services • Investigate possible API, cloud, or database exposure paths • Coordinate with national cyber authorities if compromise indicators emerge Users in the region should remain cautious of: • Phishing SMS and emails • Identity verification scams • Fake government communications • Fraud attempts leveraging personal demographic data This remains an unverified underground claim at the time of reporting. #Indonesia 🇮🇩 #DDW #Intelligence #CyberSecurity #DarkWeb #DataLeak #ThreatIntelligence #Government #Privacy #Infosec #IdentityTheft #OSINT #CyberCrime

🇮🇩 A threat actor is advertising an alleged database leak tied to Badan Siber dan Sandi Negara (BSSN), Indonesia’s national cyber and cryptography authority. The underground forum post references data allegedly associated with: • https://t.co/jdZIZAXpEh • Indonesian cyber/security education infrastructure • Identity-related fields • Passport-related references • National identification fields (“NIK”) • SIM/license-related references • Timestamped extraction metadata Based on the visible schema and context, the exposed information may include: • Personal identity information • Student/cadet records • Government-affiliated educational data • Authentication or registration-related fields • Passport or national identity metadata If authentic, this incident would be particularly sensitive because BSSN is responsible for: • National cybersecurity coordination • Government cryptographic operations • Cyber defense initiatives • Security education and cyber talent development • Critical national cyber infrastructure oversight Threat actors often target government cyber agencies and affiliated institutions for: • Intelligence gathering • Political signaling • Reputation damage • Espionage-related operations • Credential harvesting • Access to government-linked personnel information Educational institutions connected to national cyber programs are increasingly targeted because they may contain: • Future government workforce data • Research information • Internal training materials • Government-linked identity datasets • Academic credential systems The mention of identity-related fields such as “NIK” and passport references raises concerns around: • Identity fraud • Social engineering • Credential abuse • Targeted phishing against government personnel or students At this time, the authenticity of the alleged dataset and the method of compromise remain unverified. #DDW #Intelligence #CyberSecurity #DarkWeb #DataBreach #Indonesia #Government #ThreatIntelligence #OSINT #BSSN

🇮🇩 A threat actor is advertising what they claim is a leaked database associated with Indonesia’s Directorate General of Civil Aviation (Direktorat Jenderal Perhubungan Udara Republik Indonesia). Based on the screenshot, the allegedly exposed fields include: • identification numbers • full names • job positions • dates of birth • email addresses/Gmail accounts The sample shown also appears to reference aviation-sector personnel and aviation-related domains, including what appear to be airline-associated email addresses. This type of exposure is particularly sensitive because aviation ecosystems involve: • government regulators • airlines • airports • air traffic operations • contractors • logistics providers • transportation infrastructure Even if the dataset is “only” personnel information, aviation-sector employee data can still be weaponized for: • spear-phishing campaigns • business email compromise (BEC) • credential harvesting • impersonation attacks • insider targeting • operational reconnaissance Aviation remains a high-value target for cyber threat actors because disruption can create: • operational chaos • geopolitical visibility • financial losses • transportation disruption • reputational damage One important analytical observation: the dataset appears to focus more on identity and personnel records rather than technical aviation systems or flight operations infrastructure. There is currently no evidence in the screenshot suggesting compromise of: • air traffic control systems • flight operations systems • aircraft infrastructure • navigation systems • airport OT/ICS environments However, personnel datasets are often the first stage of broader intrusion activity because attackers can use them to: • map organizational structures • identify privileged users • conduct social engineering • launch follow-on credential attacks • target contractors and third parties The inclusion of: • identification numbers • positions/titles • birth dates significantly increases the potential effectiveness of impersonation and phishing operations. Government transportation agencies across Southeast Asia continue facing elevated cyber risk due to: • rapid digital transformation • interconnected transportation systems • legacy infrastructure • broad third-party dependencies • expanding public-facing services At this stage, the authenticity and scale of the alleged leak remain unverified. However, transportation-sector entities should closely monitor for: • suspicious login activity • targeted phishing campaigns • impersonation emails • credential stuffing attempts • unusual access to employee portals 🇮🇩 #DDW #Intelligence #Indonesia #CyberSecurity #DarkWeb #ThreatIntelligence #Aviation #Transportation #Infosec #CyberThreats #OSINT #DataBreach

🇮🇩 Threat actors are advertising an alleged “BCA Mobile Bank Access & Database” dataset targeting Indonesian banking customers. According to the forum post, the seller claims: • ~890,000 mobile banking “accesses” • ~4.9 million database records • Banking-related personal information • Internal/account-related fields allegedly tied to customer data The authenticity of the claims remains unverified at this stage. What makes this concerning is not only the volume, but the wording “accesses,” which often implies: • Account/session access • Credential collections • Infostealer logs • Mobile banking takeover potential • Compromised customer devices If legitimate, the combination of financial data and potential account access could enable: • Fraudulent transactions • SIM swapping • Social engineering campaigns • Account takeover attacks • Money mule operations • Credential stuffing against other financial platforms And honestly… underground forums have evolved from: “Selling hacked Netflix accounts” to “Would you like 4.9 million banking records with that?” Indonesia continues to experience growing cybercriminal interest due to: • Rapid digital banking adoption • Large mobile-first population • Expanding fintech ecosystem • Increasing online payment usage Financial institutions should closely monitor for: • Credential abuse spikes • Suspicious login activity • Large-scale phishing campaigns • Mobile malware distribution • Unauthorized API activity • Anomalous customer behavior patterns Users should: • Change banking passwords immediately if concerned • Enable MFA wherever possible • Avoid SMS-only authentication • Monitor accounts for unusual activity • Be cautious of fake banking calls/messages At this time, the claims should be treated as alleged until independently verified. 🇮🇩 #DDW #Intelligence #Indonesia #CyberSecurity #DarkWeb #ThreatIntelligence #DataLeak #Banking #Infosec