SOCRADAR’S Dark Web Team identifies multiple underground posts in a report published on 4 May 2026, including a claim of 20.65 million Indonesian WhatsApp numbers being shared. The article notes a separate listing advertising OpenVPN access into an Indian financial services target, marketed with owner privileges and an asking price of $1,130, described as verified.
It also reports a sale tied to CVE-2026-42208 for a LiteLLM Proxy exploit scanner, with the seller claiming the package includes code, usage procedure, and “FOFA dorks.” In addition, a listing is alleged to offer 15 million BIN-tagged personal leads with USA 80% coverage and an auction-style pricing format under escrow.
The report mentions a PHI and medical data buyer post for Western Europe seeking PII + PHI, claiming access to 500+ GB of data, including 1.5 million PHI documents, plus 200+ GB of source code and references to private keys. These posts illustrate ongoing underground demand for consumer targeting data and healthcare records, while officials note that not every claim may be accurate.