Hacker dumps thousands of sensitive Mexican embassy documents online

A hacker stole thousands of documents from Mexico’s embassy in Guatemala and posted them online.

The hacker, who goes by the online handle @0x55Taylor, tweeted a link to the data earlier this week. The data is no longer available for download after the cloud host pulled the data offline, but the hacker shared the document dump with TechCrunch to verify its contents.

The hacker told TechCrunch in a message: “A vulnerable server in Guatemala related to the Mexican embassy was compromised and I downloaded all the documents and databases.” He said he contacted Mexican officials but he was ignored.

In previous correspondence with the hacker, he said he tries to report problems and has received bounty payouts for his discoveries. “But when I don’t get a reply, then it’s going public,” he said.

More than 4,800 documents were stolen, most of which related to the inner workings of the Mexican embassy in the Guatemalan capital, including its consular activities, such as recognizing births and deaths, dealing with Mexican citizens who have been incarcerated or jailed and the issuing of travel documents.

More than a thousand passports — including identification issued to diplomats — were stolen. (Image: supplied)

We found more than a thousand highly sensitive identity documents of primarily Mexican citizens and diplomats — including scans of passports, visas, birth certificates and more — but also some Guatemalan citizens.

Several documents contained scans of the front and back of payment cards.

One of the diplomatic visas issued to a Mexican diplomat stolen in the files. (Image: supplied)

The stolen data also included dozens of letters granting diplomatic rights, privileges and immunities to embassy staff. Diplomatic rights grant employees of the foreign embassy certain protections from their host country’s government and law enforcement. Diplomatic immunity, for example, allows staff to be granted safe passage in and out of the country and are generally safe from prosecution. Other documents seen by TechCrunch were signed off personally by Mexico’s ambassador to Guatemala, Luis Manuel López Moreno, and were instructed to be transported by diplomatic bag, which foreign missions use to transport official correspondence between countries that cannot be searched by police or customs.

Many of the files were marked “confidential,” though it’s not known if the hacked data included anything considered by the Mexican government to be classified or secret. Other files were internal administrative documents relating to staff medical expenses, vacation and time off and vehicle certifications.

When reached Friday, Gerardo Izzo, a spokesperson for the consul general in New York, said it is taking the matter “very seriously” but did not immediately have comment.

Friday is a national holiday in Mexico.

Related stories: