More than 84,000 user accounts from DeBoleto.mx, one of the main ticket sales platforms for events in Mexico, have been leaked and are now circulating in clandestine hacker forums. The leak includes information such as full names, emails, phone numbers, encrypted passwords, purchase histories, payment records, and even direct access tokens to the accounts. Publimetro Mexico detected this leak in January 2025, and now the database has reappeared in a high-reputation open forum, increasing the risk for users.
Through the analysis of the leak, it has been confirmed that the exposed files contain details such as first names, last names, emails, phone numbers, dates of birth, encrypted passwords, transaction records, types of tickets purchased, payment methods, operation identifiers, applied promotions, event setup configurations, maps, locations, pricing structures, history of the number of tickets generated and modified per event, features per event, attendance, and capacities per presentation. In total, over 500 MB of unencrypted data is available for purchase or download.
Database trafficker Nick Diesel has published a file containing data from users who purchased tickets for events online, including passwords. Víctor Ruiz, a certified cybersecurity analyst, has warned about the immediate risks of this leak, indicating that cybercriminals could use the information to carry out targeted phishing attacks against the platform's users.
Nick Diesel, identified as the person responsible for the original leak, has been involved in other leaks related to institutions and companies in Mexico. This leak could lead to fraud such as the resale of fake tickets, theft of active accounts, or identity theft. Despite the seriousness of the situation, DeBoleto.mx has not issued any public statement nor contacted its users to inform them about the incident, nor is there any record that the company has notified data protection authorities in Mexico.
The more than 84,000 affected users remain vulnerable, unaware that their data is being shared in cybercriminal forums. Users of DeBoleto.mx are advised to change their passwords immediately, enable additional authentication factors on other services where they use the same email, and be alert for possible suspicious emails or messages.
