В январе 2025 года исследование, проведенное аналитиком в области кибербезопасности Николасом Асуарой, revealed that more than 2 million users and passwords of Mexicans were leaked on the dark web. Among the compromised data were more than 1.3 million access to email addresses, 420,000 RFCs, 121,000 phone numbers, 133,000 CURPs, 17,500 social security numbers, and 8,000 bank card numbers, some of which included the CVV security code.
According to Azuara, one of the most alarming aspects of this leak is the exposure of sensitive information such as bank card numbers, making them extremely vulnerable to financial fraud. It was also identified that at least 2,000 leaked bank cards included the CVV security code, significantly increasing the risk of online fraud.
To identify the leaked Mexican data, Azuara used several specific criteria. Among them, it was found that Mexicans tend to use passwords with between 8 and 12 characters, which can make them more vulnerable to attacks. Furthermore, it was determined that more than 2 million users and passwords were compromised, which does not necessarily mean that the same number of people were affected, as the same person might appear in several leaks with different data.
Among the data found, a high number of CURPs and NSS were identified, which could facilitate document forgery and lead to fraud in institutions such as IMSS or Infonavit. In addition, it was found that more than 420,000 RFCs could represent a serious risk to the fiscal security of thousands of Mexican taxpayers.
On the other hand, it was highlighted that the Tax Administration Service (SAT) led the list of government sites with the most compromised credentials, suggesting security failures on official platforms or the presence of malware that steals data such as passwords.
In light of this situation, Mexican users are recommended to strengthen their digital security measures by using secure and unique passwords, enabling two-step authentication whenever possible, and being cautious with suspicious emails and messages. Closely monitoring banking transactions and verifying the authenticity of emails and RFCs are also key recommendations to protect against potential fraud. Tools like 'Have I Been Pwned' can be useful to check if any credential has been compromised and take preventive measures.
