Lettutor.com Sensitive Data Breach — 7,432 User Records Exposed

Data Breach Overview
In September 2025, a dataset containing 7,432 user records from Lettutor.com, an online tutoring and language‐learning platform, was allegedly posted by user “privilege” on darkforums.st. The leak includes a wide range of personal data, account credentials, and usage metadata.


What Data Was Exposed
The dataset reportedly includes the following fields:

  • ID, Email, Password (hashed using bcrypt)

  • Linked authentication (Google, Facebook, Apple)

  • Avatar, Name, Country, Phone, Birthday

  • Activation / verification flags (IsActivated, IsPhoneActivated, IsPhoneAuthActivated)

  • Account status fields (DeletedAt, RequireNote, IsTester)

  • Activity / usage data (Language, StudySchedule, StudentGroupId)

  • Metadata such as timezone, referral, and staff handling ids (SaleByStaffId, CaredByStaffId)


Where & How Data Was Found

  • The data allegedly appeared on “darkforums.st”, posted by user “privilege.”

  • It’s a “fresh dump”, meaning the data appears recent (as of Sept 2025).

  • Passwords are hashed (bcrypt), which is significantly better than plaintext, but other personal data (email, phone, birthday, social media auth links) increases risk.

A screenshot of the data can be found below:

Company History & Prior Incidents

  • I found no readily verifiable public reports (from major cybersecurity news outlets or company statements) confirming this exact Lettutor.com breach.

  • That doesn’t necessarily mean it’s false — unverified leaks happen.


Impact and Risks

  • Account compromise: Even with bcrypt, weak passwords or reused credentials may be cracked or replayed elsewhere.

  • Phishing/scams: With email, name, country, phone exposed, attackers can craft personalized phishing or social‐engineering attacks.

  • Privacy violation: Sensitive fields (Birthday, IsPhoneActivated, etc.) increase risk of identity theft.

  • Credential stuffing: If users reuse passwords, adversaries could try these credentials on other sites.

  • Reputation harm to Lettutor.com if verified, and potential legal / regulatory risk depending on GDPR or other local privacy laws (the data presumably includes European users).


Recommendations for Affected Users

  • Change your Lettutor.com password immediately, especially if it is used elsewhere.

  • If Lettutor offers two‑factor authentication (2FA), enable it.

  • Monitor your email and other accounts for suspicious login attempts.

  • Be wary of phishing messages that may reference Lettutor.com or your tutor/learning profile.

  • If your phone number is exposed, watch for unsolicited messages or calls.


Recommendations for Lettutor.com (and Similar Platforms)

  • Verify the severity and authenticity of the leak; perhaps run internal forensics or hire external investigators.

  • Notify affected users transparently.

  • Require or strongly encourage 2FA.

  • Limit the amount of personal metadata stored, and ensure strong encryption / hashing for sensitive data.

  • Monitor for abuse of the leaked data.

What is InsecureWeb?

InsecureWeb is a Dark Web monitoring service that keeps track of recent data breaches and tracks their impact by monitoring the darkest places of the internet.

Our commitment lies in providing top-notch cybersecurity services to our clients. Through continuous monitoring of the dark web and advanced threat detection methodologies, we strive to identify potential breaches promptly, enabling swift response and mitigation efforts. With our state-of-the-art tools and expertise, we prioritize the confidentiality, integrity, and availability of our clients’ data.

Original link: https://insecureweb.com/lettutor-com-sensitive-data-breach-7432-user-records-exposed/?utm_source=rss&utm_medium=rss&utm_campaign=lettutor-com-sensitive-data-breach-7432-user-records-exposed