Vinny Troia

Last updated
Vinny Troia
Vinny Troia photo.jpg
EducationPhD
Alma mater Capella University, Western Governors University
Occupation Researcher
Years active2018-present
Organizations
  • Night Lion Security
  • Shadowbyte
Known for Cyber security
Website vinnytroia.com

Vincenzo "Vinny" Troia is an American cybersecurity researcher and author specializing in open-source intelligence (OSINT), data breaches, and dark web investigations. He is the author of "Grey Area: A Dark Web OSINT Field Guide", and "Hunting Cyber Criminals". Troia has published research on cybercriminal groups including The Dark Overlord, ShinyHunters, and Scattered Spider. [1]

Contents

Career

Troia serves as owner and CEO of Night Lion Security, a cyber-security firm based in the US. [2] , and founded a threat intelligence firm Shadowbyte, which was sold in 2022.

In 2018, Troia found a data leak of nearly 340 million detailed records about individual people available on a publicly accessible server of Exactis. [3] [4]

In 2019, he found a data breach in People Data Labs where records of personal data, including email addresses, employers, locations, job titles, names, phone numbers and social media profiles of 1.2 billion people were exposed. [5] [6]

In July 2020, Data Viper, a threat intelligence platform operated by Vinny Troia, was reportedly compromised. The site claimed to host over 8,200 datasets linked to various data breaches, was described by Troia as a deliberate honeypot designed to track and identify individuals in connection with investigations referenced in Troia's book and published works. [7] [8] [9]

In August 2020, Troia wrote a report on the underground cybercrime economy built on the stealing of reselling of video game passwords. [10] The white paper outlines the process by which hackers make money by stealing and reselling Fortnite video game cosmetics, some making nearly a million dollars per year. [11]

In November 2021, hacker Pompompurin, admin of the Dark Web data sharing forum BreachForums, publicly harassed Troia by hacking into the FBI email servers and sending hundreds of thousands of emails to people accusing him of being a part of The Dark Overlord hacking group. [12] [13] In addition, Troia claimed that they had previously performed a DDoS attack one of Troia's websites and also hacked the National Center for Missing & Exploited Children's blog to create a fake blog post about him. [14] [15] [16] [17]

Publications

In 2025, Troia authored Grey Area: Grey Area: A Dark Web OSINT Field Guide, published by Wiley Books. The work discusses the use of hacked, breached, and leaked data within intelligence community with a focus on national security applications.

Grey Area references commentary from individuals with backgrounds in U.S. intelligence agencies, including the CIA, ODNI, DoD, and DIA. It includes an account of the 2024 Snowflake data breach investigations. [18]

In 2021, Troia authored the book "Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques" (Wiley Books), which illustrates various investigative tools and techniques used to track down and investigate cybercriminals using Open Source Intelligence (OSINT) gathering tools and techniques. [19] The book provides a detailed account of Troia's investigation into cyber criminal hacking group The Dark Overlord. [20]

Troia's book provides evidence and analysis to support claims that the masterminds behind The Dark Overlord cybercrime group are two teenagers living in Calgary, Canada. Evidence provided in the book, as well as a subsequent report published by Troia and Night Lion Security, attempts to link the members of The Dark Overlord hacking group to other "database focused" hacking groups such as ShinyHunters and GnosticPlayers. [21]

Notable Investigations

Troia was referenced as an intermediary (Individual-1) in a U.S. arrest warrant for Alexander “Connor” Moucka (aka “Catist” and “Judische”) in connection with the discovery of the Snowflake and AT&T data breaches [22] . Media accounts also describe Troia’s involvement under the alias “Reddington” [23] in discussions surrounding ransom demands linked to the breaches, including a payment by AT&T. [24] [25]

Troia also conducted investigative research into the hacking groups The Dark Overlord and ShinyHunters. This work was detailed in his 2021 book Hunting Cyber Criminals, which examined the groups’ operations, methods, and impact. In addition to the book, Troia published a detailed investigative report analyzing the groups’ activities and affiliations. [26] [27]

Early Career (Music)

From 2002-2010, Vinny Troia started and ran Curvve Recordings, an electronic dance music record label. Curvve debuted with remixes of Ultra Nate's "Free", a previously #1 single on the Billboard dance club charts. [28] Troia's remix of "Free", alongside Oscar G and Trendroid, rose to #23 on the Billboard club chart. [29]

In 2003, Curvve released remixes of Jody Watley's "Looking for a New Love", which rose to #13 on the US billboard dance charts, [30] followed by Vinny Troia's own single "Flow", with Jaidene Veda (2006), which reached #24 on the top Billboard Dance Songs chart. [31] In 2007, Curvve released "One Day My Love" by N'Dea Davenport, which rose to #10 on US Dance chart. [32]

Troia's second single, "Do For Love" featuring Jaidene Veda and with remix by Dave Aude, reached #40 on the US top billboard dance charts in 2010. [33] Troia has also worked with other known artists like Gareth Emery, David Guetta, Dave Aude, Christopher Lawrence, D:Fuse, and Starkillers.

References

  1. "Bios Page | Saint Louis University Workforce Center". workforcecenter.slu.edu. Retrieved 2025-09-02.
  2. "Hacker breaches security firm in act of revenge". ZDNet .
  3. "Exactis said to have exposed 340 million records in massive leak". CNET.
  4. "A New Data Leak Reportedly Exposed 230 Million Americans' Personal Information". fortune.com.
  5. Reichert, Corinne. "1.2 billion records exposed in unsecured database". www.cnet.com.
  6. Newman, Lily Hay. "1.2 Billion Records Found Exposed Online in a Single Server". Wired.com.
  7. "Breached Data Indexer 'Data Viper' Hacked – Krebs on Security". 2020-07-13. Retrieved 2024-07-25.
  8. "Breach database company DataViper allegedly hacked with billions of records offered for sale". SiliconANGLE. 2020-07-13. Retrieved 2024-07-25.
  9. Cimpanu, Catalin (12 July 2020). "Hacker breaches security firm in act of revenge". ZDNet. Retrieved 6 December 2024.
  10. Winder, Davey. "Fortnite Hackers Earn $1 Million A Year—Stealing Your Skins". Forbes .
  11. "Fortnite Hackers Earn $1 Million A Year—Stealing Your Skins". Forbes. Retrieved 21 April 2023.
  12. "Hackers compromise FBI email system, send thousands of messages". Reuters. Archived from the original on 2023-12-01. Retrieved 2024-12-25.
  13. Lyngaas, Sean (2021-11-13). "Fake FBI emails about a sophisticated attack are part of 'ongoing situation,' agency says | CNN Politics". CNN. Retrieved 2024-12-25.
  14. Vavra, Shannon (2021-11-17). "Wait—The FBI Got Hacked Over a Beef With a Guy Named Vinny?". The Daily Beast. Retrieved 2024-07-25.
  15. Roth, Emma (2021-11-14). "The FBI's email system was hacked to send out fake cybersecurity warnings". The Verge. Retrieved 2024-07-25.
  16. "FBI system hacked to email 'urgent' warning about fake cyberattacks". www.bleepingcomputer.com.
  17. "FBI Email Hoaxer ID'ed by the Guy He Allegedly Loves to Torment". threatpost.com. 2021-11-16. Retrieved 2024-07-25.
  18. "Grey Area: Dark Web Data Collection and the Future of OSINT | Wiley". Wiley.com. Retrieved 2025-10-06.
  19. "Book Review of "Hunting Cyber Criminals: A Hacker's Guide to Online Intelligence Gathering Tools and Techniques"". www.rsaconference.com. 14 February 2021.
  20. Troia, Vinny (January 2020). Hunting Cyber Criminals. Wiley. pp. 440–443. ISBN   978-1-119-54099-1 . Retrieved 23 December 2020.
  21. "The Dark Overlord report: An Investigation Into A Cyber Terrorist Hacking Group". Night Lion Security. 16 July 2020. Retrieved 17 July 2023.
  22. "Indictment – #1 in United States v. Moucka (W.D. Wash., 2:24-cr-00180) – CourtListener.com (http://courtlistener.com/)". CourtListener. Retrieved 2025-08-30.{{cite web}}: External link in |title= (help)
  23. "The Walls are Closing in on the Snowflake Hacker". 404Media. 404Media. Retrieved 2 September 2025.
  24. Zetter, Kim. "AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records". Wired. ISSN   1059-1028 . Retrieved 2025-08-30.
  25. Zetter, Kim. "Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake". Wired. ISSN   1059-1028 . Retrieved 2025-08-30.
  26. "Hacker sends spam to 100,000 from FBI email address". NBC News. 2021-11-14. Retrieved 2025-08-30.
  27. Troia, Vinny (2020-01-29). Hunting Cyber Criminals. Wiley. doi:10.1002/9781119541004. ISBN   978-1-119-54092-2.
  28. "Ultra Naté | Biography, Music & News". Billboard. Retrieved 2025-03-05.
  29. "Ultra Naté | Biography, Music & News". Billboard. Retrieved 2025-03-05.
  30. "Official Singles Chart on 14/6/1987". Official Charts. 2023-01-28. Retrieved 2025-03-05.
  31. devops (2013-01-02). "Dance Club Songs". Billboard. Retrieved 2025-03-05.
  32. devops (2013-01-02). "Dance Club Songs". Billboard. Retrieved 2025-03-05.
  33. devops (2013-01-02). "Dance Club Songs". Billboard. Retrieved 2025-03-05.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.