Just a few hours ago, someone claiming to have hacked into the systems of Club de Fútbol Pachuca and its university, the Universidad del Fútbol y Ciencias del Deporte (UFCD), began releasing evidence of the attack. They posted everything on a dark web forum, one of those where stolen databases are bought and sold. According to their own announcement, they have more than 50 GB of confidential information and are willing to release it for just $500. Yes, it's that easy.
Two posts by the hacker and leaked database from Club Pachuca
It all started with a new user on the forum, who appeared out of nowhere under the alias M3xTr1x02. He joined in June 2025, with no history, no reputation, and no previous interaction. Everything points to it being an account created solely to release this leak and sell the information. No trace, no context. He just arrived, posted, and set off the alarms.
In less than 12 hours, the user uploaded two different posts. In the first, they shared technical data about the system they supposedly had access to: a server running Windows Server 2003 Datacenter Edition, an old version with more holes than a fishing net. They also included fragments of databases with sensitive information, such as account holders' names, bank card details, transaction amounts, and dates.
The second post was even more revealing. It showed a complete table called FNZAS_PPD_DATOS_PAGO, with 28 columns full of financial data. Among the leaked fields were account numbers (source and destination), billing UUIDs, SAT details, tax relationship types, currencies, balances, and even academic information such as enrollment and campus of those involved.
In short, the attacker appears to have access not only to financial information, but also to personal and school data. A dangerous cocktail that, if leaked in its entirety, could have very serious consequences.
Administrative access tests: Exposed accounts
In addition to the leaked databases, the alleged hacker also revealed usernames with administrative access within the system. These included accounts such as developer, distributor_admin, operacion, and saganet, suggesting that the hacker not only accessed data but also likely had direct control over internal platforms, including financial ones. This was a serious intrusion, not just a quick glance.
Although there is no official confirmation as to whether these systems are still active, the technical details that were revealed indicate that the infrastructure had been in operation for more than ten years. Everything was running on a virtual machine in VMware with 24 processors (a typical configuration for a production data center). It was not a forgotten test server, but something that was in actual use.
When consulted by the media, some cybersecurity specialists agree that the leaked evidence is solid enough to take this case very seriously. It does not appear to be mere bragging: there are clear signs that the attack was real and profound.
What kind of information would have been leaked?
According to what has come to light, the scope of this leak is not insignificant. Among the data that could have been exposed are some rather sensitive items:
- Banking information of students, employees, and even players.
- Payment histories, invoices, and tax documents in the official SAT format.
- User accounts with administrator permissions, i.e., full access to the system.
- Possible addresses, phone numbers, and emails linked to those accounts.
- Internal files from the University of Soccer, which is part of the Pachuca Group and is known for training sports talent.
The alleged attacker claims to have full access to internal platforms, including emails, passwords, physical addresses, and phone numbers. They also threaten to release more information in the coming days if they do not receive a response. This appears to be more of a digital extortion attempt, although it could also be an open invitation to potential buyers on the dark web.
Why is it so serious? Real risks: identity theft, fraud, and more
When discussing leaks like this, it’s not just a technical issue—the risks are very real. On the financial side, the data could be used for bank fraud, identity theft, the creation of fake invoices, or even tax evasion, especially if it falls into the hands of individuals who know how to exploit that information within illegal networks.
From a reputational standpoint, the damage could also be significant. If it is confirmed that all this information is legitimate, Club Pachuca and its university could lose the trust of students, players, parents, alumni, sponsors, and sports partners. No one wants to be associated with an institution that cannot protect its data.
If all of this is confirmed, we could be facing one of the most serious data breaches ever documented at a private sports-related university in Mexico. This is not just a wake-up call for the club, but for all organizations that have yet to take cybersecurity seriously.