Ransomware victim disclosure
← All victimsDonut Leaks (self-disclosure / inter-gang dispute)
listed as Who Is MONTY? ;) · Claimed by Donutleaks · listed 3 years ago
Status timeline
- ListedNov 10, 2023
- Data leakeddate unknown
At a glance
- Group
- Donutleaks
- Status
- Data leaked
- Sector
- Business Services
- Listed on leak site
- Nov 10, 2023
About the victim
AI dossier — public-source company profileDonut Leaks is a ransomware and data-extortion threat actor group, not a legitimate company. The leak post describes an intra-criminal dispute in which the Monti ransomware gang claimed Donut Leaks owed them $100,000 USD and allegedly published admin-panel credentials belonging to Donut Leaks.
- Industry
- Cybercrime / Ransomware Operations
Attack summary
Severity: low — The 'victim' is itself a threat actor group, not a company with regulated data or critical infrastructure. The post is an inter-gang dispute announcement with no evidence of exfiltration of third-party sensitive data or operational disruption to legitimate organisations.Monti ransomware group claims to have compromised Donut Leaks' own admin panel and published login credentials; Donut Leaks published this post refuting or responding to that claim. No conventional corporate victim or exfiltrated business data is described.
Data the group says was taken
AI dossier — extracted from the leak post- Admin panel login credentials (alleged)
What the group claims
https://www.databreaches.net/monti-ransomware-gang-leaks-donut-leaksHello. Today we received news that a little-known (or rather unknown) group with the telling name MONTI published a post saying that we owe them 100K USD. MONTI also allegedly posted "login details" for the admin panel(of course, for some unknown reason, either our site…
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

