SOCRADAR’S Dark Web Team identified multiple new underground posts this week alleging data leaks and sales involving Eholo, OptimizerAI, PlayStation, Florajet, Coinbase and a MalFactory stealer builder. According to SOCRadar Dark Web Team, the Eholo post claims to have extracted the Eholo Health database, including 1,146,700 medical notes and 601,308 user PII records, with a $300,000 ransom demand and a deadline of 15 March 2026.
The post about OptimizerAI[.]xyz describes more than 118,000 users with unique emails, usernames, timestamps and Discord fields, and more than 1.1 million sound generation records. A PlayStation data post claims 500,000 logs in a CSV with about 559,978 lines, listing fields such as ID, username, password and other account details.
The MalFactory Stealer Builder is advertised as a custom stealer MaaS with features including 2FA, cookie theft and anti-VM checks, with pricing options such as $40 one-time payment and other plans. The Florajet listing claims 1,457,473 orders from 2023 to 2026, totalling 136GB, with about 952,000 unique phone numbers and 1.2 million unique full addresses. Coinbase is alleged to have 300,000 lines of login data in a user CSV file, accompanied by multiple Coinbase-related URLs and a Telegram contact.