14 DAY TRIAL // Shad0wS3C leader Gh0s7 has managed to hack another website, this time belonging to Instituto de la Función Registral del Estado México (also known as IFREM).
Gh0s7 told us that he discovered a vulnerability in their server that allowed him to get the main database file, which includes sensitive information such user data, passport details, and other personal information that was exposed in the breach.
The hacker explains that he didn’t hack the website for hacktivism, but to show the world that his team Shad0w Security (Shad0wS3C) was back in business.
“I didn't do this for hacktivism purpose but to show that my team is back and more will be coming soon. we are now a hacking team,” he told us, suggesting that more breaches are likely to be announced in the coming days.
Additionally, Gh0s7 told us that he didn’t report the problem to the site’s admin because “the government doesn’t have a bug bounty program,” but we’re pretty sure that the attack would be investigated now that details went public.
The first time the hacker managed to breach the website was in September, but he only now managed to get their entire database, so for some reason, IFREM failed to increase their website security and prevent further hacks.
Previous hacks
This isn’t the first time when Shad0wS3C breaks into government websites, as the group recently managed to hack Paraguay’s Secretary of National Emergency (SNE), gaining access to databases that included user records, names, emails, phone numbers, addresses, and login credentials, such as hashed passwords.
At that point, the group claimed that the attack aimed at Paraguay was a result of the state violating human rights:
“The government of Paraguay have violated so many human rights, and either the UN (Dont rely on them) or anyone have done anything. just to name a few: -Impunity and justice system -Torture and other ill-treatment -violation of Women’s and girls’ rights -violation against Human rights defenders”
We’ve reached out to IFREM admins to ask for a statement and to report the hack, but an answer hasn’t yet been provided. We’ll update the article when more information is available.