DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Council of Granada database was sold by hacker. Should anyone be concerned?

Posted on March 7, 2023September 17, 2024 by chum1ng0

The Council of Granada is a public entity providing direct services to citizens as well as technical, economic, and technological support to the city councils of the municipalities of the province of Granada, Spain.

On December 29, 2022, the group known as “GhostSec” listed a Granada Council database at dipgra.es for sale, claiming they had almost 7 GB of information. A small sample was provided as proof. The group signed their listing,  “~With love GhostSec <3”

Listing on BreachForums by GhostSec for dipgra.es database.

The database was listed with a price of $450, but one month later, it had not sold. On January 29, people on Twitter started paying attention to the listing. A few days later, a story in IDEAL.es also covered the story, reporting that the council claimed that they had implemented all protocols and this was a minor incident (the news report is behind a paywall).

GhostSec posted a second sales listing on their Telegram channel on February 11 with an asking price of $450.00.  On February 16, they lowered the asking price to $250.00. The listing was subsequently deleted and GhostSec informed DataBreaches that they had sold the database.

The Data Sample

DataBreaches examined the data sample provided and found 17 folders. Some contained  acronyms corresponding to institutions that have to do with the deputation of Granada, such as campus_social, a subdomain of the deputation of Granada, Cemci (The Center for Municipal Studies and International Cooperation), and pmd (Granada Sports Council). The sample contained personal and work-related information on individuals.

Sample of Granada Council database, redacted by DataBreaches.
Translation of fields: id, id_request, dni, role, position, mail, date, mobile phone, avatar, status, name, user, password, telephone, activity, last name, connected, work area. Image redaction: DataBreaches.net.

Several files in the sample also contained usernames and passwords.

On February 15, DataBreaches sent an inquiry to the council asking specifically about the usernames and passwords. Getting no reply (although the council later informed us that they had replied to our earlier inquiry), DataBreaches sent a second inquiry on March 2.

When asked whether the incident had been controlled (as the council had reportedly claimed in early February),  Amina Nasser Eddin, the council’s Directora de Prensa, wrote to DataBreaches, “Yes, we have detected the vulnerabilities and have proceeded to resolve them.” It is not clear to DataBreaches whether they are claiming that they are no longer susceptible to an SQLi attack, which is how GhostSec told DataBreaches they had gained access.

In answer to a second question from DataBreaches about the accounts with usernames and passwords, the council spokesperson replied, “There are accounts that are old and have not been in force for years and the current ones have been disabled and have been renewed.”

According to GhostSec, the data, which included many passwords not disclosed in the sample, was acquired from dipgra.es in late December. The council never contacted them about the listing, GhostSec claims, and they never contacted the council. But now the data, including data that DataBreaches has not seen, is in the hands of an unknown buyer.

GhostSec

GhostSec joined Breach Forums in June 2022, but they are not a new group. GhostSec, who has been described by others as hacktivists, rose to prominence through their attacks on pro-ISIS entities. They have also embraced other causes, such as #OpIran.

Listings by GhostSec on BreachForums come from a variety of countries and type of entities.
Listings by GhostSec involve data from Brazil, Spain, China, Israel, Russia, and the U.S. Image: DataBreaches.net.

At times, they have been affiliated with Anonymous. At other times, they have tried to distinguish themselves from Anonymous. In a March 2022 tweet, GhostSec listed their member accounts: @SebastianDAlex @YounesAnonymous @wond3rghost  @YourAnonWolf @Denrow1337 @shdwpnda @squad3o3 @An0nAKn0wledge

DataBreaches hopes that Granada’s council is right and that they have controlled the incident and taken care of any passwords that might have still been working at the time of the attack.


Some additional material and editing by Dissent.

Category: Breach IncidentsCommentaries and AnalysesGovernment SectorNon-U.S.

Post navigation

← ANOTHER Acer Data Breach? Hacker Claims to Sell 160GB Trove of Stolen Data
Northeast Surgical Group notifies 15,298 patients of a HIPAA breach, but doesn’t tell them their information has been dumped. →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.