On June 30, 2026, leaksear.ch indexed an Axcera dataset containing 677 records, with searchable fields including email addresses, names, phone numbers, usernames, IP addresses, dates of birth, addresses, countries, passwords and hashed passwords (leaksear.ch metadata). Axcera describes itself as a financial technology company providing infrastructure for trading firms, and the indexing metadata does not include a confirmed breach date (axcera.io; leaksear.ch metadata).
What happened
Public reporting on April 5, 2026, from HookPhish said AXCERA.IO was listed as a ransomware victim by lapsus$, with a claimed breach date of March 22, 2026, and the claimed stolen material summarized as source code and infrastructure configs (www.hookphish.com). Axcera posted an incident update on April 7, 2026, saying it was aware of online claims and that its review found a limited number of internal repositories exposed in connection with a third-party security tooling issue involving Trivy on GitHub (axcera.io).
Axcera said that exposure did not result in unauthorized access to production systems or live environments, and said no customer data, trading accounts or production systems were affected (axcera.io). The leaksear.ch metadata does not identify an exposure method or breach date for the 677-record dataset, and no public source reviewed here confirms whether it is connected to the earlier repository incident (leaksear.ch metadata).
What data was exposed
Searchable fields in the indexed leak include names, email addresses, usernames, a password field, hashed password fields, phone numbers, addresses, countries, dates of birth and IP addresses (leaksear.ch metadata).
Other stored fields reference KYC and verification context, including document numbers and document types, KYC status, Veriff identifiers and verification session URL fields, customer IDs, checkout and order IDs, payment providers, payment methods, finance amounts and statuses, platform account IDs, platform usernames, password reset tokens, signup tokens, one-time token fields, salts, TOTP secret fields, timestamps such as account creation and last login, and spending or withdrawal totals (leaksear.ch metadata). Axcera public materials describe automated KYC with SumSub and Veriff integrations, plus payment, trading platform and CRM integrations for prop-trading operations (axcera.io).
Why this matters
The record count is small, but the field mix is sensitive because credential, reset token, one-time token and TOTP-related fields can create account takeover risk if any values were live when exposed. Contact details, dates of birth, account identifiers and KYC document metadata can also support targeted phishing, identity verification abuse and fraudulent account recovery. For organizations, the dataset raises vendor-review, token-rotation, log-review and notification questions because the fields span account, payment and verification workflows. If you interacted with Axcera or an Axcera-powered trading or onboarding flow, check whether your email, username, phone number, name, address, date of birth, country or IP address appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, hashed password, ip address, name, password, phone, and username.