Mexico City, Mexico — According to a report by the cybersecurity firm Syhunt, more than half of leaked passwords around the globe are associated with public institutions. The company says the worst affected nation is the United States followed by the United Kingdom and Australia.
However, in position number seven is Mexico with 31,995 leaked passwords related to the gob.mx domain.
This data was found after the company analyzed a 100 GB document called COMB21 (Compilation of Many Breaches), which integrated data from multiple leaks in different companies and organizations that occurred since 2017.
The way hackers obtained the data, Syhunt specialists explained, was based on decryption techniques or through phishing attacks and spying on insecure connections. However, they highlighted that these leaks did not imply a violation of public administration systems.
The company says 3.28 billion passwords were exposed, linked to 2.18 billion unique emails, compiled into a single file and published through a link on the forum. “This time, the leak was fully published for free and the archive is being actively shared among hackers and cybercriminals,” the company reported.
According to the analysis, countries like Russia had fewer leaks because they are based on their own alphabets, which gives a thicker layer of security. “It is an indication that passwords in these countries, made up of local alphabets, are less attacked by hackers,” said Felipe Daragon, founder of Syhunt.
The relationship between cybersecurity and Mexico is not ideal. According to 2020 data from the firm ESET, the country has 16.94 percent of the attacks registered in Latin America, which places it as the third most vulnerable country in the region only behind Peru and Brazil.
Among the most relevant attacks on government agencies is that of Petróleos Mexicanos (Pemex), which at the end of 2019, suffered a leak of 180,000 files with operational information of the company, lists of workers and passwords.
In December of 2020, Mexico’s Ministry of Public Function (SFP) announced that between the months of May and June 2020, it had a security configuration error in its database which caused the exposure of confidential personal information of 830,000 public servants.
Cybersecurity Silikn has also warned about the possibility of an increase in cyberattacks during the electoral season. The firm warned the attacks would likely be against government agencies and other organizations mainly through phishing scams distributed through fake news platforms.