The dark web is a hidden corner of the internet, as we know. Criminals use it to sell illegal drugs, stolen data, and harmful content. It’s a place where illegal activities can hide from regular law enforcement. In this month, the dark web was in the spotlight. Police took decisive action against crime. Massive data breaches exposed millions of users. Child abuse networks were dismantled. This digest covers eight major stories from August 2025 to September 2025.
Hacker offers to sell 15.8 million plain-text PayPal credentials on dark web forum
On August 18, 2025, a hacker named Chucky_BF offered 15.8 million PayPal credentials for sale. The data included email addresses and plain-text passwords. It was listed on a dark web forum for just $750. The credentials were linked to Gmail, Yahoo, and other email domains. They also included PayPal-specific URLs for web and mobile logins. The data likely originated from infostealer malware, rather than a direct PayPal breach.
This leak poses serious risks. Criminals could use the credentials for fraud, phishing, or account takeovers. PayPal urged users to change passwords and enable two-factor authentication (2FA). Using a password manager can help create strong, unique passwords. Regularly checking account activity is also key.
Germany is a prime target for dark web and ransomware attacks
Germany faced a surge in cyberattacks in August 2025. A SOCRadar report found that 20.68% of compromised data in stealer logs came from Germany. This is almost three times more than Brazil (6.55%) or India (5.62%). Stealer logs are bundles of data stolen by malware. They include sensitive information like passwords and financial details.
The dark web analysis showed 74.6% of threat posts targeted Germany alone. The rest included other countries. Ransomware hit Germany’s manufacturing sector hardest, with 18.15% of attacks. The information sector and IT services were also hit. Germany’s strong economy makes it a prime target. Companies need to prioritize cybersecurity.
Italy: Nearly 100,000 ID scans from hotel guests found on dark web
In August 2025, Italian authorities found 90,600 ID scans for sale on the dark web. The data included passports and ID cards from hotel guests. A hacker named “mydocs” stole the data from hotel systems between June and August 2025. The breach affected 10 hotels in Italy. More could be discovered later.
The Agency for Digital Italy (AgID) detected the sale with help from its cybersecurity team. Stolen IDs can be used for fake documents, bank fraud, or identity theft. The Italian Data Protection Authority has urged hotels to secure their data and inform guests. Hotels were told to use the state’s Alloggiati portal for guest registration.
UK data breach exposes Afghan allies to Taliban threat
In August 2025, a violation of the UK Ministry of Defence leaked data on 7,000 Afghan allies. The data included names, addresses, and photos. It was sold on the dark web. This put the Afghans at risk of Taliban attacks. The breach happened due to a poorly secured server.
The UK launched a secret evacuation plan. But many may not get help or compensation. This shows how dark web leaks can cause real-world harm. Governments must secure sensitive data.
Ex-childcare worker charged for filming explicit images; dark web footprint led to arrest
In August 2025, Australian police arrested David James, a 26-year-old childcare worker in Sydney. He was charged with filming explicit images of 10 children, aged 5 to 6, at six childcare centers from 2021 to 2024. The Australian Federal Police (AFP) found his dark web activity, leading to his arrest. James faces nine counts of producing child abuse material and other charges.
The case shocked Australia’s childcare sector. It followed other abuse scandals, raising calls for stricter rules. The AFP is identifying victims and notifying families. James also worked as a probationary constable, unknown to the police.
Hackers are selling police email accounts for just £4 on the dark web
In August 2025, hackers sold police and government email accounts on the dark web. Prices were as low as £4. Accounts included those from the U.S. Postal Service, the FBI, and the Italian police. Others came from Brazil, Mexico, and Thailand. The seller offered hundreds of accounts with access to investigative tools like license plate databases.
These accounts can be used to send fake legal requests or steal sensitive data. They bypass standard email security. The FBI warned about this trend last year. Governments need to limit account access and monitor connections.
Your kidneys for sale on the dark web! The DaVita ransomware attack affects 2.4 million patients
On March 24, 2025, DaVita, a US hemodialysis company, suffered a ransomware attack. It lasted until April 12. The attack affected 2.4 million patients. Hackers stole names, addresses, Social Security numbers, and health data. This included diagnoses and lab results. Some phone numbers and check images were also taken. The data was sold on the dark web.
The Interlock group claimed responsibility. They’ve hit healthcare before, like Kettering Health. DaVita offered free credit monitoring to victims. Patient care wasn’t disrupted, but the breach poses a risk of fraud.
Police bust dark web paedophile ring spanning three states, suspected mastermind allegedly exploited baby adoption process
On August 29, 2025, Malaysian police dismantled a dark web paedophile ring. The operation, Op Pedo, ran from July 19 to August 19. It spanned Johor, Selangor, and Penang. Police arrested 11 suspects, including a 29-year-old technician believed to be the mastermind. They rescued five children, aged two months to five years.
The main suspect used Facebook to source babies for adoption. He paid mothers RM1,500 to RM3,500 for their babies. He then sold child abuse images and videos on Telegram and the dark web. Police seized phones, hard drives, and documents. The children are now with the Social Welfare Department. This case shows how criminals exploit trust. It calls for better oversight of adoption processes.
August 2025 highlighted the serious threats posed by the dark web—the PayPal breach exposed 15.8 million credentials, risking fraud. Germany’s industries faced heavy ransomware and data theft. Italian hotel hacks leaked 100,000 guest IDs. The UK’s Afghan data breach endangered lives. A Sydney childcare worker was caught using evidence from the dark web. Police email accounts were sold for £4, threatening security. DaVita’s ransomware attack hit 2.4 million patients. A Malaysian paedophile ring was stopped, saving kids. These events prove that the dark web fuels crime. Global law enforcement is fighting back. Individuals must use strong passwords and 2FA. Businesses need audits and backups. Monitoring dark web forums can catch leaks early. The dark web continues to evolve, but robust cybersecurity can mitigate its harm.
