Cyber Threat Actor: 0x2Taylor
| Actor Type | Location | Known Incidents |
|---|---|---|
| Activist | United States of America | 3 incidents |
Profile
0x2Taylor is the alias of a threat actor identified as operating from the United States of America. The actor has claimed responsibility for a series of data exposures that involve the unauthorized acquisition and public release of personal information from various U.S.-based entities. Public reporting links the alias to incidents affecting a data aggregator serving automotive and real estate sectors, a municipal police department, and a major e‑commerce platform.
The actor’s targeting appears focused on organizations within the United States, specifically those handling large volumes of personal data or providing public services. In the Amazon‑related incident, 0x2Taylor stated that the leaked credentials were released after seeking a financial payment of $700 to disclose a vulnerability, indicating a financially motivated objective in that case. For the Baton Rouge police database leak, the actor explicitly cited retaliation against police abuses as the motivation, pointing to a disruption or hacktivist goal. No explicit motive was provided for the data aggregator breach, so only the observed actions are reported.
Regarding tactics, the actor has exploited weak permissions and exposed login credentials to gain access to the Baton Rouge police system, and has taken advantage of a publicly shared MongoDB file to expose the data aggregator’s records. In the Amazon claim, the actor described testing passwords on a server and asserting that the credentials were functional before accounts were disabled, suggesting a reliance on credential validation rather than malware deployment. No specific malware families, toolkits, or advanced tooling styles are referenced in the available sources.

Attribution to a state sponsor, criminal consortium, or larger group has not been established; reporting notes that it remains unclear whether 0x2Taylor acts alone or as part of a broader unit. The three highlighted incidents—the 2016 exposure of over 58 million records from a data aggregator, the 2016 leak of roughly 50,000 Baton Rouge police records, and the 2016 claim of 80,000 Amazon user credentials—represent the actor’s publicly reported operations.
