After expressing anger that his
bug bounty efforts were completely ignored by Mexican officials, a hackers
stole and leaked online almost 5,000 confidential documents from the Mexican
embassy in Guatemala, writes
The data trove contained critical
personal information of Mexican citizens and diplomats, including photocopies
of passports, birth certificates, visas, payment cards and information about immunities,
privileges, medical expenses and other operational data. Information pertaining
to some Guatemalan citizens was also discovered. Some files were “official
correspondence between countries that cannot be searched by police or customs.”
The hacker, known on Twitter as
@0x55Taylor, detected a security vulnerability on the server hosting the
documents and claims to have immediately informed Mexican officials about the
threat. He says they didn’t get back to him. This angered him as he felt his
efforts were not appreciated. He usually identifies vulnerabilities and
receives financial compensation. By leaking the data, he apparently wanted to
get their attention and give an example of how a server vulnerability could
affect their data privacy and security.
“A vulnerable server in Guatemala
related to the Mexican embassy was compromised and I downloaded all the
documents and databases. But when I don’t get a reply, then it’s going public,”
he said when contacted by TechCrunch. He also sent the files to the publication
for an authenticity check.
The data was taken offline by the
company hosting the files.
Mexico has not yet made a public statement on the event, as
Friday was a national holiday.