In January 2025, a investigation conducted by cybersecurity analyst Nicolás Azuara revealed that more than 2 million users and passwords of Mexicans were leaked on the dark web. Among the compromised data, more than 1.3 million email addresses, 420,000 RFCs, 121,000 phone numbers, 133,000 CURPs, 17,500 Social Security numbers, and 8,000 bank card numbers were found, some of them with the CVV security code.
According to Azuara, one of the most alarming aspects of this leak is the exposure of sensitive information such as bank card numbers, which makes them extremely vulnerable to financial fraud. It was also identified that at least 2,000 leaked bank cards included the CVV security code, significantly increasing the risk of online fraud.
To identify the leaked Mexican data, Azuara used several specific criteria. Among them, he found that Mexicans tend to use passwords with between 8 and 12 characters, which can make them more vulnerable to attacks. Furthermore, it was determined that more than 2 million users and passwords were compromised, which does not necessarily imply that it was the same number of affected individuals, as one person could be present in multiple leaks with different data.
Among the data found, a high number of CURPs and NSS were identified, which could facilitate the forgery of documents and lead to fraud in institutions like IMSS or Infonavit. Additionally, it was found that more than 420,000 RFCs could represent a serious risk to the tax security of thousands of Mexican taxpayers.
On the other hand, it was highlighted that the Tax Administration Service (SAT) led the list of government sites with the most compromised credentials, suggesting failures in the security of official platforms or the presence of malware that steals data such as passwords.
In light of this situation, Mexican users are advised to bolster their digital security measures by using secure and unique passwords, enabling two-step authentication whenever possible, and being cautious with suspicious emails and messages. Closely monitoring banking activity and verifying the authenticity of emails and RFCs are also key recommendations to protect against potential fraud. Tools like 'Have I Been Pwned' can be useful for checking if any credential has been compromised and taking preventive measures.
