Cyber Threat Actor: pwncoder
| Actor Type | Location | Known Incidents |
Criminal
|
United States of America
|
1 incident |
|---|
Profile
pwncoderis a threat actor known by that alias and is located in the United States of America. The actor came to public attention in connection with the October 2023 data breach affecting the District of Columbia Board of Elections, where an anonymous source informed BleepingComputer that the stolen voter database was first offered for sale on the BreachForums and Sinister.ly hacking forums by a user named pwncoder. Those forum posts have since been deleted, but they marked the earliest public appearance of the compromised data associated with this incident.
The data in question consisted of more than 600 000 lines of voter records that were dumped from a stolen MSSQL database. According to the breach description, the information was accessed through the web server of DataNet Systems, the third‑party hosting provider used by the election authority, although DCBOE confirmed that its internal databases and servers were not compromised. The exposed records included names, registration IDs, voter IDs, partial Social Security numbers, driver’s license numbers, dates of birth, phone numbers, email addresses and other details, some of which are considered public under District of Columbia rules while other elements such as contact information and partial SSNs are normally confidential. After the breach was discovered, DCBOE took its website offline, worked with the MS‑ISAC Computer Incident Response Team, the FBI and DHS to assess the incident, and conducted vulnerability scans across its IT environment.
Later, the RansomedVC group claimed responsibility for the breach and advertised the same voter data for sale on a dark web leak site, providing a sample record as proof and indicating the data would be sold to a single buyer. While RansomedVC’s claims followed the initial forum activity by pwncoder, no further public information links pwncoder to any additional campaigns, malware families, tooling, or affiliations. The available sources therefore describe pwncoder solely in relation to the posting of the stolen DC Board of Elections voter data on hacking forums, without evidence of broader targeting patterns, strategic objectives, or state connections.
