3 June 2016

Anonymous hacktivist group announced data breach of Spanish National Police website mupol.es. Hackers published database dump with personal information of police officers. The dump we have analyzed contains 5409 records. The leaked information consists of full names, personal email addresses, national identification numbers, hashed passwords and issue dates.

The published information is a major threat to police officers, since it can be used to track them in social networks by their personal email addresses and names. We randomly chose 10 records from the list and were able to connect 8 of them to profiles in Facebook.

The brief analysis of password hashes suggests that website developers did not put much efforts into users’ security. We urge the victims of this breach to change their passwords everywhere and do not use “123456” password ever again.