V for Vendetta: Mexico’s largest bank data breached as a counterforce to security analysts

Quite a story; learn more details in this article.

On August 8, 2022, a threat actor well known in the hacking community publicly shared a link to download an archive with data belonging to the Mexican bank Grupo Financiero Banorte.

Grupo Financiero Banorte, doing business as Banorte and as Ixe, is a Mexican banking and financial services holding company with headquarters in Monterrey and Mexico City. It is one of the four largest commercial banks of Mexico by assets and loans, and the largest retirement fund administrator. 


As it turned out, Banorte’s data was hacked back in 2013, but the breach was not known until the end of 2021. During this time the data appeared for sale on underground markets without ever becoming public. That changed when Banorte’s official cyberspace representative, Group-IB, filed a DMCA complaint against the hacking forum where the data was sold.

In response, the administrator of the forum, an actor using the alias “pompompurin”, leaked the data online, making it available to anyone on the Internet.

The hacker and administrator of arguably the largest hacker forum eventually leaked the banking data online and left an accompanying message for Group-IB, Banorte’s cybersecurity partner company:

“I bought this data to leak (With permission from the seller) because Group-IB was sending emails to me complaining about it. They also attempted to submit DMCA’s against the website. Make sure to tell BANORTE that now they need to worry about the data being leaked instead of it just being sold Mr. Group-IB. Next time do not bother me”

Leaked data details

The data leak totals 1,44Gb and is divided into 3 files.

Sensitive data leaked: customers’ full names, full physical addresses, sex, phone numbers, RFC (Mexico tax ID), account numbers (!), emails and balance details.

The Kaduu Team analyzed the compromised database and concluded that the leaked information was mainly used for phone fraud. As the screenshot shows, the archive includes an “ONLY-PHONES” file, which consists of information selected and extracted from the “PART1” and “PART2” files. Apparently for the “convenience” of phone scammers, it contains the phone numbers, full names and account numbers of Banorte customers. Well, you can imagine: “Hola Señor…, su cuenta…”. We urge you to remain vigilant and not to trust random phone callers talking about money.

Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web.
