A massive leak in a cybercrime forum on the dark web has put the privacy of thousands of Mexicans at serious risk, who are now exposed to potential fraud attacks, identity theft, and advanced phishing campaigns. In these attacks, the cybercriminal can simulate emails from official institutions or known individuals to deceive the victim and obtain more information or commit financial fraud.
With the name, photo, and visible INE credential, criminals could easily convince victims that they are interacting with someone legitimate. The exposure also opens the possibility of personalized extortion campaigns, where cybercriminals could directly contact victims and threaten to make their sensitive information public or use their image for other purposes, demanding payment to avoid disclosing their data.
Furthermore, criminals could attempt to open bank accounts, apply for credits, or carry out financial transactions in the name of the affected individuals. In Mexico, the INE credential is the main identification document, and unauthorized access to this type of information can lead to financial fraud that could affect the credit history of the victims and their ability to access credit in the future.
Regarding the origin of this leak, the user "NanC" has a history of publishing databases from different countries. The history suggests that "NanC" is an actor with access to global data sources. The speed at which this leak is spreading on the dark web and its potential redistribution in encrypted messaging services increases the risks.
The leak includes selfies with INE credentials, full names, home addresses, CURP, and associated emails. This information could facilitate fraud campaigns for criminal purposes. The exposure is especially alarming as the data shared by "NanC" is only a fraction of the information that he claims to have available, suggesting that the magnitude of the compromised data could be greater and available for sale on the dark web.
The leak has affected individuals with different types of email accounts, from personal to corporate, which increases the vulnerability of the victims to personalized attacks. Although it is not specified how the data was obtained, the presence of selfies with INE credentials suggests that they may have been collected from financial platforms that request this type of information for identity verification purposes.
The exposure of data in this leak poses serious security risks for the affected individuals, who should take measures such as changing passwords, activating two-factor authentication, and being alert to suspicious communications to mitigate possible attacks and fraud attempts.
