Menu
Browse

Cyber Threat Actor: @rmsg0d

Actor Type Location Known Incidents
 Icon
Sensationalist
Pakistan
1 incident
Profile

The threat actor known by the alias @rmsg0d has been publicly identified as operating from Pakistan and as a member of the hacking collective TeaMp0isoN. The alias @rmsg0d appears in the context of a specific data breach where the actor released a forum database attributed to TeaMp0isoN. No further public records link @rmsg0d to additional aliases, geographic locations beyond Pakistan, or other organizational affiliations beyond the stated group. The available open‑source material does not describe the actor’s internal structure, funding sources, or any state‑level connections.

On May 24, 2015, the Minecraft Pocket Edition forum hosted at minecraftpeforum.net was compromised, and the actor @rmsg0d posted a dump of the site’s user database. The forum in question served as a community hub for players of the mobile version of Minecraft known as Pocket Edition. The dump contained 16,125 records, each record including fields such as user ID, username, password hash, salt, login key, email address, and various forum participation details. In a subset of the records, users had voluntarily supplied their birth dates, which were also exposed in the leak. Analysis of the leaked data indicated that the information had not previously appeared in any publicly indexed repository, suggesting this was the first public disclosure of those records. The compromise occurred shortly before the domain minecraftpeforum.net expired, and the expiration prevented the forum administrators from being contacted directly for verification or notification. Because the domain was no longer active at the time of discovery, the reporting site DataBreaches.net could not reach the forum owners to confirm the breach or to alert affected users via email. An update provided by the source noted that, after deduplication, the database represented 16,037 unique accounts. The incident is the only publicly documented operation attributed to @rmsg0d in the supplied material, and it illustrates the actor’s use of database exfiltration and public dumping as a tactic.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source