Back to Blog
high severity November 03, 2025 · scope unconfirmed

afton.loc Listed by incransom Ransomware Group

The Aetherius Society is a spiritual organization founded in 1955 by Dr. George King to spread and act upon teachings from advanced extraterrestrial intelligences, known as Cosmic Masters. The society practices King Yoga, focusing on spiritual evolution, cosmic wisdom, and service to humanity in preparation for the New Age. Their teachings cover topics like meditation, karma, reincarnation, UFOs, and spiritual healing. Through the practice of King Yoga, individuals can discover life-changing wisdom, unlock psychic powers, and contribute to raising global consciousness.

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed November 03, 2025
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On November 3, 2025, the Aetherius Society appeared on the leak site of the ransomware group Incransom. The spiritual organization founded in 1955 had internal files exfiltrated during a ransomware attack, with the attackers publishing a listing that signals the data is now available for further distribution or sale.

Confirmed Details of the Incident

Public reporting indicates the Aetherius Society, known for its teachings on King Yoga, meditation, karma, reincarnation, UFOs, and spiritual healing, suffered a ransomware intrusion. The Incransom group listed the organization on its leak site, stating that internal files had been taken. No specific victim count has been disclosed, and the exact volume or nature of the files remains unclear from available reporting. The listing appeared on the group’s onion site, which is tracked by ransomware.live.

November 3, 2025 marks the public disclosure date on the leak portal. The data consists of internal files rather than a straightforward database dump, which often includes documents, member communications, donor records, or operational spreadsheets in such incidents.

Why This Matters for You and Your Family

Even organizations that seem far from everyday life can hold information that touches ordinary people. If you or any member of your family has ever attended an event, made a donation, signed up for a newsletter, or participated in classes offered by the Aetherius Society, your name, contact details, or other personal information could be among the stolen files. Once internal files leave an organization’s control, they can spread quickly across forums and dark-web markets.

Credential leaks from one group frequently cascade into other accounts. Passwords or email addresses reused across services become entry points for identity theft, financial fraud, or harassment that can affect your household for years.

The Doxxing and Identity-Chain Risks

Ransomware operators rarely stop at publishing a single batch of files. They often sell or trade the data to specialized doxxing networks that map connections between usernames, email addresses, phone numbers, physical addresses, and family relationships. A seemingly harmless spiritual-organization record can become the first link in a chain that reveals where you live, the names of your children, or their online gaming handles.

These chains grow rapidly. An email address tied to the Aetherius Society might already appear in older breaches; when combined with fresh data, it can expose enough detail for stalkers, identity thieves, or online harassers to target you or your family members directly.

Incransom’s Publicly Known Track Record

Public reporting attributes Incransom with emerging in recent years as a ransomware-as-a-service operation. The group is known for targeting organizations across sectors, encrypting systems, exfiltrating data, and then pressuring victims through leak-site publication when ransom demands are not met. Their typical playbook involves initial access through common vectors such as phishing or unpatched software, followed by lateral movement inside networks to locate valuable files. Extortion follows a double-pressure model: first demanding payment to decrypt systems, then threatening to release or sell the stolen data if the deadline passes.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real-world identity so you can see exactly what this breach connects to.
  • Rotate any password you ever used with the Aetherius Society or similar organizations, and enable two-factor authentication through an authenticator app on every account where that password was reused.
  • Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next leak that touches your family is flagged within hours rather than months.
  • Cover your entire household with DoxxScan family protection, which includes children’s gaming accounts that often chain back to the same addresses or parent emails exposed in incidents like this.
  • Let remediation specialists handle the time-consuming work of sending takedown notices to data brokers and monitoring sites that begin circulating the stolen internal files.

The incident shows that data held by any group you have interacted with can suddenly surface years later. Taking concrete steps now limits how far the exposed information can travel. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping that connects scattered handles to real identities, and hands-on remediation by specialists who manage takedowns for you. Its household coverage also protects gaming accounts belonging to you or your children that could otherwise become the next link in a doxxing chain.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.