Last week, I received an email from Dasabo:

Dear Customer,

we would like to share with you an important update regarding the evolution of the DASABO group’s corporate structure, as part of a broader growth and consolidation strategy developed over recent months.

We are pleased to inform you that DASABO OU has been fully acquired by DASABO SRL, including all its strategic assets, such as technological infrastructure, operational platforms, active services, and existing contracts. This transition has been carefully designed to strengthen our organizational structure, streamline internal processes, and ensure even higher standards of quality, reliability, and regulatory compliance.

So…Dasabo was acquired by Dasabo?

As Patron Provider @aluy pointed out:

And @Dasabo further clarified:

DASABO ​​OU (a company with registered office in Estonia, therefore within the European Union) has been liquidated and all its assets have been acquired by DASABO ​​SRL (a company with jurisdiction in Italy, therefore also within the European Union). The choice of Italy stems from several commercial agreements we are making with important clients in Italy, including public administrations. Therefore, this change in the legal structure was made purely for administrative reasons; nothing radical or fundamental changes for our clients.

Presumably there was some legal necessity to send an mail that announced the change.

OK, so while it was kind of funny to announce that Dasabo was acquired by Dasabo, this makes sense.

But then @Xrmaddness shared this rather shocking image:

And apparently @roblowend said Dasabo had tried to charge him over $10,000.  He also shared this screenshot:

Yikes!

There was a lot of back and forth, and Dasabo initially said they had no evidence of these amazing transactions.  But in the span of about three hours, they went from this:

At this point, I honestly do not know what else we can say to reassure you. As already explained, it is technically impossible for us to access or store your card details in plain text, as all payment methods are handled through tokenization systems compliant with industry security standards.

This means that even in the hypothetical event of a data breach — which, at this time, is not the case, and for which we have found absolutely no evidence of intrusion into our systems — it would still not be possible for anyone to obtain the actual card details from our infrastructure. You can therefore rest assured that your card information remains secure and has not been exposed through our systems or accessed by third parties.

We are still carefully investigating what may have happened in relation to the reports from a limited number of users. At this stage, we have already identified all transactions involved: the total number of reported cases is extremely small, literally countable on two hands, and only a portion of those transactions were successfully processed. All confirmed unauthorized transactions have already been refunded.

To this:

We are writing to provide an official and transparent update regarding an incident involving unauthorized payment attempts that were detected on our platform in recent days.

Following an in-depth internal investigation, including technical auditing, log analysis, and comprehensive security reviews conducted as a top priority by our security and operations teams, we have been able to precisely identify the origin of the incident.

The investigation has confirmed that an internal collaborator, who until a few hours ago was part of our customer support department, misused their assigned access privileges by performing unauthorized payment-related actions against a very limited number of users, with the clear intent of causing significant financial and reputational harm to our company.

These activities were carried out within the timeframe between May 5, 2026, and May 8, 2026.

Immediately upon detection of the anomalies, Dasabo activated its emergency security protocols, taking the following actions:

1. fully revoked all system access associated with the individual involved;
2. invalidated all credentials, sessions, and operational privileges;
3. conducted a full security and infrastructure review across payment-related systems;
4. initiated enhanced internal forensic auditing procedures;
5. engaged legal counsel to proceed with a formal complaint to the competent authorities.

The incident affected a total of 13 users. In 5 cases, payments were successfully processed; however, all affected amounts have already been fully refunded to the respective customers via their original payment methods.

We would like to emphasize that these transactions were only possible because the affected users had previously and voluntarily authorized and stored a recurring payment method within their Dasabo account.

Ironically, less than 24 hours previously, I got this email:

I declined to update my payment method…

Stay tuned to the LowEndTalk thread for further drama.

raindog308

raindog308 is a longtime community LETizen, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.

As an avid user of LowEndBox providers, raindog308 runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.

Beyond the command line, raindog308 has a life-long love of German Shepherd Dogs, high-quality knives, target shooting, theology, tabletop RPGs, playing guitar, and hiking in deep, quiet forests.

His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.

You can find him daily in the forums at LowEndTalk under the handle @raindog308.