An unnamed actor has leaked a treasure trove of internal data from Media Land, one of the largest bulletproof web hosting providers. The leaked files contain sensitive details about the company’s past customers, the services they contracted, and the kinds of data hosted on its servers.
Media Land, a Russia-registered company operating for over a decade, has been known for providing secure hosting solutions that have been used by cybercriminals worldwide.
The leaked documents, some as recent as February 2025, provide evidence of the platform's involvement in hosting various illicit operations, including malware command and control servers, ransomware infrastructure, phishing kits, data exfiltration servers, and even systems used for malicious code-signing.
Threat intelligence firm Prodaft believes that whoever is behind the Media Land breach is likely the same group responsible for a previous leak in mid-February, which exposed internal communications from the notorious BlackBasta ransomware group.
The data also includes personally identifiable information (PII), financial details and critical Indicators of Compromise (IOCs), which could assist researchers in connecting the dots between various cybercrime operations.
Yalishanda, the public face and suspected main administrator of Media Land, has confirmed the breach on an underground hacking forum, stating that the company is currently addressing a technical issue. However, it remains unclear whether the hacker gained access through the BlackBasta servers or if the breach occurred through another vector entirely.