vanz
vanz is an alias associated with the June 2023 posting of a dataset containing 17,017,213 Instagram user records on BreachForums. Reporting cited in the provided content states the dataset was a repackaged scrape originally collected in 2022, not a newly stolen breach dataset, and that the same data also appeared on LeakBase around the same time. The leaked records reportedly included usernames, email addresses, phone numbers, user IDs, and partial or physical location data. The content does not attribute nation-state affiliation or a broader intrusion set to vanz. Based on the provided material, vanz is specifically linked to leaking or posting the Instagram dataset, which was later reposted in January 2026 by another forum user under a misleading '2024 API LEAK' label. The content notes that such recycled but real data can support targeted phishing and smishing against affected users. No additional confirmed aliases, sub-groups, or tactics beyond forum-based data leakage are provided in the content.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.