In a dark web forum post, a threat actor has claimed responsibility for a data breach involving SenangPay, a prominent Malaysian payment solutions provider. SenangPay, known for its payment solution catering to both online and offline transactions. The post alleges that the threat actor has obtained a vast amount of sensitive personal and financial information from the company’s systems.
The threat actor claims to have breached SenangPay, obtaining files that purportedly contain personally identifiable information (PII). The allegedly exposed data:
- Names
- Malaysian ID numbers
- Phone numbers
- Email addresses
- Business registration details
- Malaysian bank BIN numbers.
The breach is said to involve three SQL files, each containing extensive datasets:
- Main SenangPay App SQL File: Comprising 97 tables out of the original 99, excluding two tables that allegedly contain non-essential API callback data.
- Backup of SenangPay App SQL File: A backup version mirroring the contents of the main SQL file.
- SQL File Related to SenangPay Zakat: Specific details regarding transactions and other data related to Zakat payments processed through SenangPay.
The threat actor is demanding 2 BTC for the data, offering to facilitate the transaction through escrow and giving priority to SenangPay. Interested parties can contact the seller directly via direct message on the forum.
![[Updated]Austrian Crypto Giant Bitpanda Allegedly Breached – 5.4 Million User Data for Sale](https://dailydarkweb.net/wp-content/uploads/2025/06/bitpanda-350x250.webp)
