Doxbin, a platform infamous for doxxing and exposing personal information, has suffered a major data breach orchestrated by the hacker group Tooda. The attackers deleted user accounts, locked out administrators, and leaked a massive database containing 136,814 user records, including usernames, email addresses, and a so-called “Blacklist” file—detailing individuals who had allegedly paid to keep their information off the site. The breach appears to be fueled by a long-standing rivalry between hacker groups, with Tooda claiming their attack was in response to accusations against one of their members.

As part of the leak, Tooda also exposed personal details of a Doxbin administrator known as "River," whose real name is allegedly Paula. The data dump includes a message warning Paula to leave the Doxbin community, blaming her for the leak of the Blacklist file and criticizing her ties to a ransomware-affiliated individual. The breach not only compromises user privacy but also highlights internal conflicts within underground cybercriminal networks, where control over illicit platforms can be highly contested.

For Doxbin users, this breach presents a serious risk. Even with only usernames and email addresses exposed, the data can be cross-referenced with other leaks, potentially unmasking individuals involved with the platform. With Doxbin currently offline, its users may now face the same exposure they once facilitated against others. This incident underscores the vulnerability of even illicit platforms to cyberattacks, proving that no one operating in the shadows is entirely safe.