A threat actor has leaked data allegedly stolen from the South Korean company BlossomCloud. According to the actor’s post, the incident occurred in November 2025 after a contractor working with the company was breached.
This third-party compromise reportedly led to the theft of source code for Blossom Cloud’s “BanBan Play” service. The actor also specified that source code for the company’s iOS build was taken.
The actor, who is releasing the data as part of a larger dump from the contractor breach, claims the compromised files include:
-
Source Codes
-
SQL Files
-
Configuration Files
-
API Keys
The threat actor provided a complete file tree as a sample to substantiate their claims. The sample shows a detailed directory structure for numerous repositories, including blossom-cloud-admin, blossom-cloud-ai, blossom-cloud-aos, blossom-cloud-backend, and blossom-cloud-iOS, appearing to confirm the scope of the source code leak.












