-
A threat actor claims to have leaked the complete source code and database for proxy service InsideProxy on an underground forum.
-
The post appears to stem from a personal dispute with the service’s operator rather than an attempt to profit from selling the data.
-
There’s nothing to prove the documents are authentic. But if the claims eventually turn out to be legit, the leak exposes sensitive application data, API keys, customer information, and infrastructure that hackers can exploit for bigger attacks.
The source code and database tied to a Romanian proxy server provider, InsideProxy, is reportedly floating around a cybercrime forum. This has brought new concerns regarding the safety of proxy servers and the risks insider conflicts pose.
A threat actor posted on the forum, describing what they claim is InsideProxy’s source code, plus the complete database. The actor also provided a public link from which any interested party could download the files.
Leak linked to internal dispute among InsiderProxy operators
Unlike most dark web data dumps, this leak does not seem to have any financial motivation behind it. The attacker did not offer the information for sale. Instead, they claimed that they’re releasing the data publicly because of a conflict with the proxy service’s operator.
Revenge-driven leaks are quite common in cybercrime circles. Sometimes, ex-partners, developers, moderators, and administrators can dump internal information because of some dispute instead of trying to make money off it.
Currently, there aren’t any independent sources that have verified the legitimacy of the leak or its connection to InsideProxy. It’s hard to tell whether the information is real or fake without examining the dumps.
What is InsideProxy?
InsideProxy is a relatively new proxy service that markets residential, mobile, ISP, and datacenter proxies for businesses and developers. According to the official information available on the website, this website provides users with proxy access to over 195 countries and supports HTTP and SOCKS5 connections.
InsideProxy reportedly offers services such as web scraping, SEO tracking, advertising validation, automation, and data gathering. The service has promoted itself through cyber-related forums while also maintaining a public commercial website and customer review profiles. The public registration information shows InsideProxy’s domain registration only happened in late 2025, meaning it’s quite new in the industry.
Why source code leaks matter
Even without the presence of client data, source code leaks are capable of causing significant security concerns. The source code provides attackers with a map of how the system functions.
It can disclose authentication methods, administrative features, database structure, connections with other systems, including secret endpoints. In addition, it can reveal source code errors that would be hard to detect otherwise.
Security teams also worry about hardcoded secrets embedded within source code. Developers sometimes accidentally leave API keys, encryption keys, passwords, cloud credentials, or internal URLs inside applications. If those secrets remain active after a leak, attackers could gain access to production systems without exploiting software vulnerabilities.
Database leaks introduce another layer of risk. Depending on their contents, they can expose client data, login details, payment data, service settings, support tickets, or usage logs. To date, there is no proof revealing the contents of the allegedly leaked InsideProxy database.
The risks are not limited to private companies; the European Space Agency was recently hit by cyberattacks that led to staff data being leaked on the dark web.
Potential downstream impact
The biggest risk may not be limited to InsideProxy itself. If a company integrates its services into automated workflows and uses API credentials or long-lived authentication tokens stored somewhere in the service, then such credentials are susceptible to misuse by attackers.
Experts often recommend rotating exposed credentials after a suspected source code leak incident, even if the leak verification is incomplete. Organizations that use InsideProxy should check authentication keys and monitor account activity. Also, be on the lookout for suspicious behavior until more updates surface.
Verification remains the missing piece
Security professionals are often skeptical about underground forum leaks. Why? Cybercriminals may often use false breach claims to garner attention, tarnish someone’s reputation, or just settle scores with other people. There are instances where the leaked data can be legitimate but might not be complete, no longer valid, or repackaged from previous leaks.
The verification of such cases is normally done by analyzing the structure of the files, metadata, and also database schema validation. Researchers often compare source code, too, and check if the credentials are valid. None of those steps has been completed publicly for the alleged InsideProxy leak.
This incident teaches us an important lesson about security. Companies usually concentrate on protecting themselves from external threats while neglecting possible threats coming from their employees, ex-employees, vendors, or partners, who might have already had access to the company’s assets.
Whether this leak turns out to be fake or genuine, it’s another reminder that source code repositories, development environments, and systems for managing credentials need the same level of protection as production infrastructure. Once source code leaks into the public domain, it will be hard to regain control over it.