Recently, a massive leak was registered that exposed more than 3.3 billion passwords associated with email addresses from various countries. This incident revealed significant vulnerabilities in major universities in Mexico and compromised the credentials of at least 7.1 million people in the country. The leaked database, which comes from multiple breaches between 2007 and 2024, has been cleaned to remove duplicates and is circulating in underground forums, accessible to any cybercriminal.
Cybersecurity experts warn about the serious consequences that may arise if immediate corrective measures are not taken in response to such incidents. Nicolás Azuara, a cybersecurity analyst, highlighted that Mexican universities were severely affected, with more than 7 million compromised email addresses. Institutions with .edu.mx, .org.mx, and .gob.mx endings were primarily affected, indicating serious cybersecurity problems.
Among the leaked email addresses ending in .mx, it was found that the majority belong to .com.mx domains, followed by .net.mx, .org.mx, .edu.mx, and .gob.mx. The Panamerican University (UP) was the most affected with around 3,500 compromised emails, followed by the National Polytechnic Institute (IPN), the National Autonomous University of Mexico (UNAM), Anáhuac University, and Monterrey Institute of Technology (Tec de Monterrey).
The leak poses a risk to the safety of students and academic staff, as the compromised accounts could be used in targeted attacks, especially through phishing. Passwords associated with these emails may allow unauthorized access to institutional accounts and internal systems. Addresses with .edu.mx and .gob.mx domains are particularly concerning, as they represent critical educational and governmental institutions for the country.
In light of this situation, it is recommended to check if your email account has been compromised using tools like Have I Been Pwned. It is important to change all passwords immediately and use long and unique passwords for each account. Enabling two-factor authentication (2FA) is advised to enhance account security and reduce the chances of unauthorized access.
