A new post on the dark web has sent ripples through Italy’s web hosting sector. The post claims to offer full access to thousands of MySQL databases allegedly taken from several shared hosting providers across the country.
The listing appeared this week on a well-known underground forum, titled “Italian hosting service sites – 9 more 40 servers – 526193 site’s backup – 4631 hosting customer – 6546 MySQL db’s.” The seller, who goes by the handle “010010,” priced the alleged dump at $1,000 in TRC20. He claims it contains complete customer data, usernames, passwords, and backups.
Screenshots shared alongside the post show several SQL files, roughly 1.3 GB in total. One of the files, named “t_payservice_mysql,” includes what appear to be credentials written in clear text. Another screenshot, taken from a computer set in Turkish, displays a file path that includes the name “stanislav karacetin.” Analysts believe this may identify the system used to collect or store the leak.
According to open-source intelligence, “010010” is not new to the underground scene. The account has existed since 2018 and regularly posts offers connected to leaked databases. The seller released the data on October 14, 2025, showing it is very recent, but experts have not yet verified its authenticity.
As per the experts, the organization of the leaked files appears to be in agreement with the structure of a shared hosting setup. Databases labeled with company names and client prefixes indicate environments where multiple users share the same servers. In case that is true, it would be an exposure of thousands of websites, among them would be the admin credentials and backups.
The dangers are visible to the naked eye. The wrongdoers could take advantage of the information for identity theft, creating a fake site, or even inserting backdoors into the customer’s websites. Once attackers compromise a shared node, the infection spreads quickly.
While none of the hosting companies mentioned have commented, cybersecurity researchers warn that this kind of breach underlines a long-standing issue: shared infrastructure often trades convenience for security, leaving a wide attack surface open for exploitation.
