Inside the 12.8kk Dump: The Dark Web’s New Era of Megabreaches

By Adeel Rajpoot

In early April 2025, a single thread on a low-tier dark web forum changed the trajectory of cybersecurity as we know it.

It began with a user named 0xGodRider—a pseudonym cloaked in digital anonymity—who posted a cryptic message:

“12.8kk dump. Mixed. Fullz. Fresh.”

For most, this would read like static. But for cybersecurity experts, intelligence analysts, and criminals trolling the shadows of the internet, it was a nuclear siren. “12.8kk” translates to 12.8 million records—full identity profiles, or “fullz,” containing names, Social Security numbers, bank details, passwords, and in some cases, biometric data. The word “fresh” meant the leak had occurred recently. This wasn’t just another data breach. It was a megadump. And it signaled that the era of slow leaks was over. Now, the data apocalypse was arriving in torrents.

The Anatomy of a Megadump

Gone are the days of carefully orchestrated leaks designed to extract ransom or quietly siphon financial data. In 2025, data is dumped en masse, scorched-earth style, with attackers chasing notoriety more than money. These are not surgical strikes—they are public executions.

WIRED gained exclusive access to members of a digital threat intelligence collective known only as NightSignal, who have been tracking these gargantuan breaches. “The term ‘12.8kk’ is more than a count,” says one analyst who goes by Marrow. “It’s a flex. A signature. Like tagging a city wall after blowing up a server farm.”

Marrow explains that dumps over 10kk (10 million records) are now a weekly phenomenon. The magnitude is staggering. In Q1 of 2025 alone, NightSignal tracked over 110 million records posted across at least 36 different forums and Telegram channels, from medical records in Estonia to IRS transcripts in the United States.

The architecture behind these leaks has become more sophisticated and decentralized. Data is no longer gated behind paywalls or encrypted zip files sold for Monero. Now, large Telegram bots deliver records on command, or forums post plaintext dumps just to cause chaos.

The Motivations: Money, Clout, or Something Worse?

The rise of 2025’s megadumps coincides with an ideological shift in cybercriminal circles. A new generation of threat actors—rooted in anarcho-cyberpunk ideals, crypto collapse resentment, and a deep-seated nihilism—has turned dumping into an act of rebellion. And many of them aren’t in it for profit.

“What we’re seeing is gamification,” explains Lila Moreno, a breach analyst at CipherTrace. “Points for chaos. Clout for exposure. It’s Discord culture meets Black Hat Ops.”

Indeed, much of the dumping activity is now driven by dump challenges—competitions hosted in encrypted IRC successors or Discord proxies, where threat actors compete for bragging rights by posting the largest, most sensitive data troves. Prize? Reputation. And sometimes, a few Bitcoin from private benefactors with their own agendas.

This change in motive has made attribution near-impossible. Nation-states, hacktivist groups, disillusioned insiders—all coexist in these digital dumpsters, indistinguishable from one another.

Victims by the Millions

The human toll is difficult to quantify. One particularly viral dump—labeled “USVet_6.3kk”—included complete profiles of 6.3 million U.S. military veterans, with attached health diagnoses, discharge statuses, and next-of-kin information. It was scraped from a compromised government subcontractor and surfaced on a Vietnamese-language dark forum.

“It destroyed my life,” says a former intelligence analyst who was part of the breach. “My address, my PTSD diagnosis, my deployment records—all of it’s out there. I get extortion texts every day.”

The U.S. Department of Homeland Security quietly issued an internal memo about the USVet leak, which WIRED reviewed. It lists “digital impersonation risk” as “Category 1 Critical” and suggests nation-state exploitation is likely already underway.

This is just one of many. In India, a 4.2kk dump from a major telecom provider exposed facial recognition data tied to Aadhaar IDs. In France, the full DNA sequencing records from a private biotech firm found their way onto GenesisMarkets_v2, a dark bazaar rising from the ashes of Genesis Market’s 2023 takedown.

Breaches as a Business Model

While chaos is the new currency, the economics haven’t entirely vanished. Data brokers have evolved into data traffickers. A WIRED investigation found a persistent offer from a broker named Katar_Bender who sold access to dumps “exclusively curated” for AI model training—training on real user behavior, full dialogue transcripts, even sentiment analysis.

“Companies want AI that feels real,” Katar wrote in a message on an invite-only dark market. “You can’t build that on sanitized data.”

Major tech firms deny purchasing illicit data, but NightSignal analysts say the trails are too well obfuscated to rule it out. “We’re seeing command-line scraping tools optimized for LLM pre-processing,” Marrow notes. “You’re training AI on stolen souls.”

The Infrastructure That Enables It

Dark web forums are no longer dusty phpBB relics. They’re slick, decentralized platforms with blockchain-based access control, DNS over Tor, and built-in AI search bots. Many now offer “live-dump alerts” that ping subscribers when new records matching their interests go live.

Telegram, too, is a primary vector. Several major leak channels—some boasting over 100,000 members—offer subscription tiers for early access to dumps. WIRED joined one such channel under controlled conditions and observed real-time uploads of corporate internal documents, voter registration databases, and even jail surveillance footage from a compromised private prison contractor.

The Future of Dumps

There’s no sign of a slowdown. If anything, the scale is accelerating.

Terms like “12.8kk dump” are now a common part of the infosec lexicon. Cybersecurity firms are adapting, but it’s a losing race. Defensive AI is slower than attack automation. For every patch deployed, five new zero-days are discovered. And for every takedown operation, three more forums rise in its place.

The cybersecurity arms race has become a trench war of attrition, and in 2025, the data bombings are only getting bigger.

“This is the Napster moment of data,” says Moreno. “Except instead of music, it’s people’s lives being copied, shared, and destroyed.”

The age of megadumps has arrived. The question now is: Who survives it?
