A threat actor has leaked the database of ICBSCAC.org. The victim, the Information Communication Board of the Sarawak Chinese Annual Conference (ICBSCAC), is the official communications body for the Methodist Church in that region of Malaysia.
The actor posted the 360MB SQL database dump on a dark web forum, making it available for download. Analysis of the database structure indicates it originates from the organization’s WordPress website.
According to the actor and the leaked file’s contents, the compromised database includes:
-
User data (logins, hashed passwords, and email addresses from the
wp_userstable) -
Employee and personnel details (from
wp_erp_hr_employeesandwp_erp_peoplestables) -
Website content, including posts and pages
-
Security logs and settings (from Wordfence and All In One WP Security plugin tables)
-
Visitor statistics and logs












