Cyber Incident Victim: sofiadelterra.com
Date: Jul 2015
Location: United States of America
Summary
The website sofiadelterra.com was compromised by threat actor @ElSurveillance alongside multiple other escort-related services, resulting in defacement with a message promoting religious reflection and criticism of societal values. The attacker displayed server logs containing visitors' IP addresses and browser information but initially refrained from leaking personal user data beyond this exposure. However, the hacker later claimed to possess additional user data from the targeted sites while withholding its public release. The incident highlighted risks associated with accessing such platforms, particularly regarding potential exposure of user activity through compromised logs.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 20, 2015, the website sofiadelterra.com was compromised by an individual using the alias @ElSurveillance as part of a coordinated attack targeting multiple escort-related services. The attacker defaced the homepage with a message criticizing the morality of such websites and their societal impact, while promoting religious content and anti-government sentiments. The defacement included a block of text urging visitors to listen to the Qur’an and distrust media portrayals of ISIS, alongside a direct reference to accessing site logs containing visitor IP addresses. This incident occurred concurrently with breaches of at least five other escort service domains—ohcecilia.com, seductivealchemy.com, taliaamour.com, tabithalayne.com, and tawnybrie.com—all defaced with identical messaging. Evidence of the compromise was archived on Zone-h.org under mirror ID 24614736 for sofiadelterra.com, consistent with @ElSurveillance’s pattern of publicly documenting hacks through this platform.

Initial analysis indicated the attacker accessed and displayed server logs containing visitor IP addresses and browser information but did not initially release more sensitive user data. The defacement served primarily as a protest against the sites’ operations rather than a conventional data theft operation, though @ElSurveillance later informed DataBreaches.net that user data had been acquired from breached sites without immediate public release. No evidence suggested encryption bypass or financial system compromises during the incident. The attacker’s operational focus appeared centered on disrupting services and delivering ideological messaging, with secondary emphasis on data exfiltration. Visitor metadata exposure created reputational risks for site users despite the absence of credential or payment card leaks. Available sources document no containment actions or victim responses following the defacement and log disclosures.
