[DissentDoe]

He called himself ALTDOS when he first contacted DataBreaches in 2020. In 2021 he started contacting this site as DESORDEN. Then in 2024, he contacted this site as GHOSTR, and more recently, as 0mid16B.  Under each new moniker, he denied being the individual DataBreaches knew under previous monikers, even though based on his targets, his approach to proof of claims, and his extortion approaches, it seemed pretty obvious it was the same threat actor.
Now he has been caught.

And the 39-year old man has reportedly confessed. 

Read more at https://databreaches.net/2025/02/27/crim...-arrested/

[mspaint]

rip DESORDEN free the old man

[murderkitten]

RIP in Thailand jail

[endless]

He called himself ALTDOS when he first contacted DataBreaches in 2020. In 2021 he started contacting this site as DESORDEN. Then in 2024, he contacted this site as GHOSTR, and more recently, as 0mid16B.  Under each new moniker, he denied being the individual DataBreaches knew under previous monikers, even though based on his targets, his approach to proof of claims, and his extortion approaches, it seemed pretty obvious it was the same threat actor.
Now he has been caught.

And the 39-year old man has reportedly confessed. 

Read more at https://databreaches.net/2025/02/27/crim...-arrested/

You shouldn't write it like its 100% sure he is the one. You can say you know it with 99% certainty but you literally write it like it has already been confirmed ("He called himself ALTDOS when he first contacted DataBreaches in 2020. In 2021 he started contacting this site as DESORDEN. Then in 2024, he contacted this site as GHOSTR, and more recently, as 0mid16B. ") In typical security researcher fashion, giving yourself extra credit by putting 100% attribution of seperate monikers to the same threat actor. You even admit it "seemed pretty obvious" (which is not a confirmed attribution) but still wrote it down like you were absolutely certain.

[DissentDoe]

He called himself ALTDOS when he first contacted DataBreaches in 2020. In 2021 he started contacting this site as DESORDEN. Then in 2024, he contacted this site as GHOSTR, and more recently, as 0mid16B.  Under each new moniker, he denied being the individual DataBreaches knew under previous monikers, even though based on his targets, his approach to proof of claims, and his extortion approaches, it seemed pretty obvious it was the same threat actor.
Now he has been caught.

And the 39-year old man has reportedly confessed. 

Read more at https://databreaches.net/2025/02/27/crim...-arrested/

You shouldn't write it like its 100% sure he is the one. You can say you know it with 99% certainty but you literally write it like it has already been confirmed ("He called himself ALTDOS when he first contacted DataBreaches in 2020. In 2021 he started contacting this site as DESORDEN. Then in 2024, he contacted this site as GHOSTR, and more recently, as 0mid16B. ") In typical security researcher fashion, giving yourself extra credit by putting 100% attribution of seperate monikers to the same threat actor. You even admit it "seemed pretty obvious" (which is not a confirmed attribution) but still wrote it down like you were absolutely certain.

It already HAS been confirmed, and yes, I really had recognized him when he contacted me as DESORDEN after all our interactions when he posed as ALTDOS. I even mentioned the connection in some of my posts, and his denial that he was the same entity when he started posting as 0mid16B. I was obligated to report he denied it, but it should have been clear from my public hint that I had connected the different monikers: " 0miid16B, who tells DataBreaches that they* have never worked with DESORDEN or ALTDOS, wrote:"     

The only thing that surprised me about his arrest is his age.