A user identified as Eternal raised alarms this Monday by posting an ad on a cybercrime forum claiming to be selling a massive compilation of private Mexican databases. According to the post, the package exceeds 200 GB of data and contains “billions of lines” with sensitive information from the INE, banks, universities, political parties, and telecommunications companies. All of this is being offered for just $5,000, available to anyone who can prove financial solvency.
“Today I’m offering you a compilation of many private databases from Mexico,” states the seller, a newly registered user on the forum, who is requesting a “proof of funds” before showing any sample of the content.
Mexican Databases with Information from INE, Banks, and Telmex Sold for \$5,000 on Criminal Forum (Source: Publimetro)
According to the post shared by the user, the data package for sale includes information from a wide range of both public and private institutions. The list is extensive and concerning:
Banks: Names mentioned include American Express, Banamex, BBVA, Banorte, Banregio, Santander, HSBC, Banco Azteca, Compartamos, Coppel, and even Scotiabank.
Telecommunications: Records from Telmex (from 2022), several Telcel databases, and even active phone numbers of WhatsApp users in Mexico.
INE: Records spanning from 2008 to 2019.
Political Parties: Includes the PRI, PAN, Morena, and a few others not specifically named.
Government Agencies: Cadastral data and vehicle registration records.
Universities: At least the Universidad Autónoma de Nuevo León (UANL) is mentioned.
Private Companies: Such as Fullgas, Megasur, Sears, and Liverpool.
Although the exact type of information in each database is not specified, based on how these leaks are typically handled in similar forums, it is most likely to include personal, financial, and contact details: full names, addresses, CURP and RFC identifiers, email addresses, phone numbers, consumption histories, and possibly even authentication tokens or access credentials.
The seller does leave open the possibility that this is a compilation of previously leaked data that he simply organized and packaged for sale. It might also contain data extracted from recent cyberattacks, similar to those seen in the Inferno Leaks, which were attributed to the group Injection Inferno.
Although the user Eternal only joined the forum in May 2025, his post stands out for being well-structured. It includes specific details, screenshots, and a particular demand before showing any samples: proof of funds. This type of behavior is typical of individuals who are already experienced in selling this kind of information on the dark web.
Furthermore, the format of the post closely resembles that of previous leaks that were later verified as authentic. Even the price ($5,000) aligns with what is commonly paid for large, sensitive databases that have been used in major fraud operations in the past.
Read more: INE Reinforces its System against Cyberattacks in Judicial Elections
Once again, the personal data of millions of Mexicans is at risk. This case adds to a series of data breaches that have been occurring for years and are becoming increasingly common on forums like BreachForums, XSS.is, and even Telegram groups. Since 2022, databases containing information from the INE, SAT, banks, Telmex, IMSS, CFE, judicial records, and state institutions have been circulating. All signs point to a growing, unchecked cybersecurity crisis.
Just a few weeks ago, it came to light that leaks from platforms like PayApp.mx, judicial systems, and even cloned government websites had been used in various types of fraud: from identity theft and digital extortion to massive smishing campaigns (fake text messages) using data from the electoral roll and telecom companies.
While it’s impossible to recover data that has already been leaked, there are several steps you can take to reduce the risks:
Regularly check your bank statements and report any unrecognized transactions.
Be skeptical of messages or emails asking for personal information, even if they appear legitimate.
Enable two-factor authentication (2FA) on all your important accounts.
Avoid using the same email or password across multiple services.
Monitor for attempts to open credit or initiate procedures in your name.
In these situations, your best defense is being well-informed, reacting quickly to any unusual activity, and staying vigilant. The leak has already occurred, but you can still take steps to prevent it from affecting you directly.