cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Bathroom products manufacturer Decina caught out by alleged data breach

DragonForce hacking group posts reams of company financial and employee data on the darknet.

user icon David Hollingworth
Tue, 12 Dec 2023
Bathroom products manufacturer Decina caught out by alleged data breach
expand image

A hacking group has posted an extensive data set that it claims belongs to an Australian manufacturer of bathroom fittings and appliances.

An account going by the name DragonForce posted on a popular clear web hacking forum that it had the data to download on its darknet site on 9 December. Sure enough, the provided onion site appears to be a dedicated leak site for data belonging to a Queensland firm called Decina.

According to its own website, Decina is a “manufacturer and supplier of baths, spa baths, showers, toilets, basins, tap ware and accessories”.


“When you choose Decina you join a comprehensive list of elite architects, designers and builders who continue to select Decina as their first choice for hundreds of prestigious projects across Australia and overseas,” the company’s website said.

The alleged data leak contains more than 600 lines of folders and documents, downloadable either by individual file or in a compressed folder – though at the time of writing, the compressed document is difficult to obtain.

The individual files, however, appear to include internal financial documents such as detailed lists of debtors and creditors and sales quotes. The quotes are on what appears to be Decina letterhead and include many of the company’s commercial partners, such as various Bunnings and Harvey Norman outlets and other bathroom suppliers. Wage details of more than 60 of the company’s employees appear to be included in the leak, as well as extensive notes on payroll procedures alongside usernames and passwords for toll payments and Decina’s credit card account – all in clear text.

Other documents include employee reviews, expense claims, timesheets, and the final payout details of several ex-employees. There is also a large amount of executables and .DLL files that seem to be related to the Attache payroll and accounting software suite.

All of the allegedly leaked documents date from between 2009 and 2023.

Cyber Daily has reached out to Decina for comment.

Who is DragonForce?

The hacking group’s forum signature simply says “DragonForce Ransomware”, though none of the group’s infrastructure seems to suggest typical ransomware operations. Each of the group’s victim’s data is shared on a discrete leak site, and there does not seem to be any information regarding ransoms demanded or deadlines to publish. DragonForce’s earliest operations appear to date back to just 29 November, when threat tracker FalconFeeds.io first took note of the group’s activity.

The group does not appear to be linked to the DragonForce Malaysia hacktivist collective, however. The two groups’ logos both appear to represent the same mythical creature but are otherwise unique in design.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.