Sim.rs

We noticed unusual activity originating from a Telegram channel on June 11, 2025, which led us to investigate a data leak associated with Sim.rs. What struck us was the specific demographic and regional focus of the compromised platform, suggesting a targeted or at least highly relevant attack vector. The nature of the exposed data, particularly the inclusion of physical addresses alongside personal identifiers, presents a heightened risk for follow-on social engineering or physical security threats. The fact that Sim.rs is now defunct adds a layer of complexity to remediation and attribution efforts, as direct engagement with the affected entity is impossible.

The breach, which impacted 29,026 individuals, originated from a database compromise of Sim.rs, a Serbian forum-style website that has since ceased operations. The leaked data, disseminated via a Telegram channel, includes a comprehensive set of personal identifiers: phone numbers, first names, last names, physical addresses, and birthdates. The exposure of physical addresses is particularly concerning, moving beyond purely digital identifiers to information that could facilitate more direct forms of attack. The threat themes observed are consistent with data harvesting for identity theft, targeted phishing campaigns, and potentially even doxxing, given the niche community focus of the forum, which catered to Discord server advertisements, streaming communities, and other specialized groups within the Balkans. The source structure appears to be a direct exfiltration of user account information.

While specific news coverage of this particular Sim.rs leak is limited at this time, the broader trend of data breaches originating from niche online communities and subsequently appearing on Telegram channels is well-documented. OSINT investigations into similar incidents often reveal patterns of attackers targeting platforms with less robust security postures or those serving specific, often younger, demographics. Research from organizations like the Identity Theft Resource Center frequently highlights the increasing sophistication of data aggregation and sale on dark web marketplaces and messaging platforms, underscoring the persistent threat posed by such leaks.

Phone · Number · First · Name · Last · Birthday