A hacker calling himself M3xTr1x02 began to follow through on his warnings: he started leaking information that he claimed had been stolen from the systems of Club de Futbol Pachuca and his university, the University of Football and Sports Sciences (UFCD).
After several days of issuing public warnings and sending emails directly to the club and some media outlets, the attacker posted the first files on a cybercrime forum. Everything indicates that this is only the beginning of a leak that could escalate in the coming days.
How did the case against Club Pachuca begin?
It all started on June 9, when a hacker calling himself M3xTr1x02 appeared on a dark web forum and claimed to have hacked into the systems of the University of Football and Sports Sciences (UFCD). To prove it, he showed screenshots showing that he had accessed servers still running Windows Server 2003, a system so old that it no longer has support or security updates.
He also shared fragments of databases showing payment records, students' full names, enrollment numbers, and even tax addresses. According to him, he has more than 50 GB of confidential information in his possession, and although he was not entirely clear, he offered to sell certain data for $500.
Then, the matter escalated: the hacker contacted a media outlet directly to issue an ultimatum to the club and the university. He gave them 48 hours to respond, or he would begin to release the information publicly. The deadline passed, and although not everything has been leaked yet, the first files have already been released.
Read more: Hack on Club Pachuca: What happened?
What information has already been leaked on cybercriminal forums?
In this first “delivery,” the attacker published five files containing highly sensitive information. Here is what was found:
-
Institutional emails from the university, some with passwords allegedly visible in plain text.
-
Database fragments with real names, registration numbers, and emails.
-
Internal server directories, including backups with names such as bkp_db_actividad_all.
-
Administrative user records and mentions of access related to the SAT and other internal platforms.
-
Tables and catalogs used by UFCD's academic and administrative management systems.
One of the leaked files, identified as fr4num594, contains full names, institutional emails, and other personal data of users who appear to be part of the university's facility access control system. Publimetro Mexico verified that at least two of the names that appear are real, active UFCD employees with public profiles that confirm their employment relationship.
In fact, one of them claims to be responsible for developing and maintaining the university's internal academic management, payment, and digital operations systems. This confirms that the leaked information is not fabricated; at least part of it is authentic and represents a real leak of sensitive data.
What kind of information from Club Pachuca could be at risk?
According to the hacker, he managed to gain access to the system for more than 93 days, during which time he claims to have collected all kinds of sensitive data. Among the information he claims to have are:
-
Internal club and university contracts
-
Financial information
-
Stamped tax data
-
Directories with staff identifiers
-
Administrative access to internal systems
In his latest message, the attacker even warned that shutting down or formatting the servers would not solve the problem, implying that he left some kind of permanent access installed so he could re-enter whenever he wanted.
In addition, he took the opportunity to strongly criticize the club's technology team, saying that they are not prepared to handle this type of situation. He also assured that both the prestige of Club Pachuca and the university will be “tarnished” by what happened.