IOTA HOTEL TBILISI Listed by nightspire Ransomware Group
- VIP Lists- Invoices, Passport...- Financial Documents
On March 1, 2026, the luxury IOTA Hotel Tbilisi appeared on the leak site of the nightspire ransomware group. Internal files containing VIP lists, invoices, passports, and financial documents were exfiltrated and posted after the hotel failed to meet the attackers’ demands.
Confirmed Details of the Breach
Public reporting indicates that nightspire published a sample of the stolen data on its leak portal, hosted via ransomware.live. The exposed materials include guest-related records that list high-profile individuals, billing information, scanned passports, and other sensitive financial paperwork. The exact number of people affected remains unknown, though the presence of VIP lists suggests travelers, business guests, and possibly their families are among those whose information is now in attackers’ hands. No evidence has surfaced that payment-card data or full credit reports were taken, but the breadth of personal identifiers is significant.
The incident follows the group’s standard pattern of encrypting systems, exfiltrating selected folders, then publishing proof on a public leak site when ransom is not paid. As of the publication date, the full archive had not been broadly distributed beyond the leak page, yet the sample files alone contain enough detail to enable identity theft or targeted fraud.
Why This Matters for You and Your Family
When a hotel you or your family stayed at loses passport copies, VIP profiles, and financial records, the risk does not stop at that one booking. Those documents often contain full names, dates of birth, passport numbers, home addresses, and payment details. Once exposed, this information can be sold quietly on underground forums and used to open accounts, file fraudulent tax returns, or impersonate you in correspondence with banks and government agencies.
Children’s records are sometimes included in family bookings, creating long-term exposure. A single breach like this can quietly feed data brokers, people-search sites, and social-engineering campaigns for years. Ordinary travelers who simply chose a reputable hotel now face the same cleanup burden that large corporations hire teams to handle.
The Doxxing and Identity-Chain Risks
Passport scans and VIP lists rarely exist in isolation. They frequently link email addresses, phone numbers, and social-media handles that appear in other breaches. Attackers can stitch these fragments together into a complete identity chain. A leaked hotel record showing your child’s name and date of birth, combined with a gaming username from an earlier breach, can lead directly to account takeovers on Steam, Roblox, or Discord. From there, predators may harass, dox, or extort.
Credential leaks cascade. The same password used to book the hotel room may protect your email, streaming accounts, and your children’s gaming profiles. Public reporting on similar incidents shows that ransomware groups increasingly sell these chained identity packages rather than raw files, accelerating the speed at which families experience real-world consequences such as SIM-swapping or targeted phishing.
Nightspire’s Publicly Known Track Record
Public reporting attributes nightspire with emerging in late 2024 as a ransomware-as-a-service operator. The group has claimed responsibility for attacks on hospitality companies, healthcare providers, and mid-sized manufacturers. Its typical playbook begins with initial access through phishing or exploited remote-desktop services, followed by rapid lateral movement inside the victim’s network. After encrypting files, nightspire exfiltrates selected directories—often those containing customer or employee personal data—then issues a ransom demand with a short deadline. If unpaid, the group publishes proof on its leak site and offers the full archive for sale to the highest bidder. Past victims include several European hotel chains and tourism operators, indicating a focused interest in the travel sector where guest passports and payment records are common.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the no-subscription cleanup to remove what appears on data broker and people-search sites.
- Rotate the password you used when booking at IOTA Hotel Tbilisi anywhere it is reused, and switch on 2FA through an authenticator app rather than text messages.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak exposing you or your family is caught in hours, not months.
- Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts, which often chain back to the same address or parent email.
- Let remediation specialists handle takedown requests across data brokers and leak forums so you do not have to negotiate with operators yourself.
The speed with which stolen hotel records move from leak sites into criminal hands leaves little room for delay. Starting now with concrete steps can limit how far this breach travels. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects online handles to real identities, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts vulnerable to the same credential-stuffing attacks. Families who act quickly reduce the window attackers need to build and sell those dangerous identity chains.
Related breaches
URA Group Listed by Booba Project Ransomware Group
Stolen data: 5 GB…
RISE Architecture Listed by akira Ransomware Group
RISE Architecture is a full-service architectural firm based in New York and New Jersey that sp ecia…
Mount Royal University Listed by cmdorganization Ransomware Group
The university was established in 1910. Mount Royal University is a public university in Calgary, Ca…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →