A hacker calling himself Hol1stic-Killer, Eternal and V1ralGod, has just unleashed one of the biggest digital attacks ever seen in Mexico. In just a few hours, he began to leak databases with highly sensitive information: from active telephone numbers and bank details, to electoral rolls and political affiliations.
More than 17 million records have already been leaked, and according to experts, the risk is enormous: we are talking about possible fraud, identity theft and even attacks targeting specific individuals. But this is not just a “digital activist” warning. No. The hacker is selling the data on clandestine forums, while launching messages denouncing the poor security of systems in the country. Several sources have confirmed that the files contain current and legitimate data, making it clear that we are facing a serious cybersecurity crisis in Mexico.
“Since I have seen people trying to sell old and outdated information, I decided to share something that is really worthwhile.” Holl1stic-Killer.
In one of its latest publications, Eternal dropped a bombshell: more than 2.8 million active WhatsApp numbers linked to the state of Nuevo León. The file, which weighs 247 MB and comes in .csv format, includes data from 1995 to 2020. Each line brings details such as the provider (Telcel, AT&T, Movistar), the city, the municipality and even the date of activation of the number.
But this, according to the hacker himself, is just a “sample”. He says he has the complete file with data from all the states in the country, although it is only available to those who can prove they have the money to pay for it.
"Today I share with you a simple but useful leak containing active phone numbers on WhatsApp from the Mexican state called Nuevo Leon. This is useful for basic spam campaigns or things like that."- Holl1stic-Killer.
Another of the leaks reveals something even more sensitive: a file with 4 million records of the INE electoral roll, again from the state of Nuevo León. The document includes super-sensitive data such as full name, CURP, voter ID, complete address and date of birth.
According to Eternal, this is only a part of the complete electoral roll it claims to have from 2008 to 2019. With that information, he assures, it is possible to “track a person through the years”.
But it didn't stop there. The same hacker also released a file from the Registry and Cadastral Institute of Nuevo Leon, with more than 50,000 land records. This file includes lot codes, owner's name and address of the property, all in a single file. In other words, key patrimonial data, in the hands of anyone who wants to buy or download it.
"A few days ago I obtained access to the Registry and Cadastral Institute of the state of Nuevo Leon. You can combine this leak with other Mexican databases (like the ones I'm selling) to create specialized fraud campaigns targeting home and land owners" - Holl1stic-Killer.
If you put all the information from the leaked databases together, the picture is disturbing: you can find out who owns what property, where they live, what their phone number is and, in many cases, what bank they have an account with or whether they are affiliated with a political party.
With that level of detail, someone with bad intentions could, for example, impersonate the victim, falsify documents, process a loan in their name or even extort them using data that sounds 100% real.
Read more: 500,000 Passwords and Sensitive Data of Mexicans Leaked on Telegram
Eternal has not stopped at public leaks. He is also selling databases that he claims to have taken from several Mexican banks, including Banorte, BBVA, Santander, Banamex, Banco Azteca, Compartamos, Coppel, Banregio, HSBC and even American Express. According to his publications, these files contain full name, telephone number, CURP, RFC, balances and even financial histories.
But that's not all. It also offers Telcel user records, vehicle control system databases, lists of members of political parties such as the PRI, PAN and Morena, and student data from universities such as UANL.
And as if that were not enough, he claims to have access to old Telmex platforms and data from private companies such as Sears, Liverpool, Fullgas and Megasur. The amount of information he claims to have is so large that it seems like something out of a movie... but it is real.
"I don't sell individual consultations. I only show samples if you give me proof of funds. The bases are complete" - Holl1stic-Killer.
Read more: Hackers Sell Access to .gob.mx Site for 300 Dollars
Hol1stic-K1ller became really famous in April 2025 when he published none other than President Claudia Sheinbaum's marriage certificate, along with personal details of some of her family members. The issue came up at her April 16 conference, where, when questioned, Sheinbaum responded, "I did not see it. We will gladly review it and report it tomorrow."
Cybersecurity experts say that the hacker managed to get into SIDEA, the Civil Registry's internal system where births, marriages and deaths are registered throughout the country. He also gained access to eVAR, the official platform that validates these records. With these two accesses, it would basically be possible to issue totally valid false certificates, without leaving a trace.
The truth is that Hol1stic-K1ller is not new to this. In August 2022, he had already been singled out for leaking a database with data on more than 10 million Banorte customers. The bank tried to stop the spread with “cease and desist” letters, but it didn't work: the forum administrator bought the base... and released it for everyone.
And that was not his first time. In 2021, he had already leaked information stolen from Ecuador's state-owned operator CNT, including IDs, contracts, addresses and even driver's license scans. Since then, his name has been linked to leaks in telecommunications, banking and government entities.