Spain’s Ministry of Universities has allegedly been compromised following the discovery of a critical security flaw within its systems. The incident involves a high-severity IDOR vulnerability, which reportedly granted an unauthorized party full admin-level access to the ministry’s database. According to the claims, the breach was facilitated through leaked credentials combined with a sequential DNI (National Identity Number) iteration method, allowing for the systematic exfiltration of sensitive records.
The allegedly compromised data includes a vast amount of Personally Identifiable Information (PII) and financial details associated with students and applicants. According to the actor, the exposed records contain:
-
Passport scans
-
DNI/NIE (National ID) scans
-
Apostilled foreign degrees
-
Apostilled certified transcripts and grades
-
Payment receipts (including sender/receiver bank accounts and IBANs)
-
Study plans and curricula
-
Enrollment applications
-
Registration proofs
-
Email addresses
