A leak of sensitive data has been detected by Publimetro Mexico, revealing the exposure of personal and financial information of users of a Mexican platform for phone top-ups and service payments called PayApp. This data includes emails, PINs, passwords, RFC, addresses, names, banking information, web access logs, HTTP request logs, session tokens, financial transactions, and user accounts.
The party responsible for this leak is an actor known as Nick Diesel, whose prior reputation includes the exposure of 700 thousand payroll data from FastNom, the disclosure of banking information of 80 thousand users after a cyberattack on DeBoleto.mx, and the sale of a database with details of 1.2 million Mexican pensioners.
The exposed PayApp database reveals access credentials, real-time top-up movements, server logs, access routes, and documents the operation through an automated API that executed top-ups and generated access tokens without a solid security protocol. Alarmingly, files were identified containing more than a million individual top-up records, detailing information such as phone numbers, beneficiaries, amounts, providers, dates, folios, and internal data.
For Víctor Ruiz, a cybersecurity expert, the severity of the leak puts thousands of users at risk of potential fraud, such as phishing, impersonation, and social engineering. Ruiz warns that criminals could use this information to contact users, simulate account reactivations, request payments, or perform unauthorized transfers.
Nick Diesel, a notorious data trafficker operating in cybercrime forums, has been linked to multiple massive information exposures in Mexico, including databases from financial, governmental, and private institutions. His actions facilitate criminals in executing phishing attacks against users, endangering the financial and personal security of many people.
