A threat actor has allegedly breached the servers of the Spanish Socialist Workers’ Party (PSOE), the current ruling political party in Spain. The PSOE, which stands for Partido Socialista Obrero Español, is a major political force in the country and is currently leading the government. The alleged hack was announced on a dark web forum, with the perpetrator claiming it was a hacktivist action motivated by dissatisfaction with the current government. The actor states the hack was “much easier than I expected” and that they extracted files, source code, and a database from the party’s servers.
The threat actor claims to have exfiltrated a main database of nearly 10GB. This database allegedly contains sensitive information pertaining to the party’s internal operations and its members. While the actor has stated they will not publish the full database, they shared screenshots appearing to show portions of the compromised data to substantiate their claims. The leaked data allegedly includes:
- Intranet data
- Credentials and personal information of employees
- Information on political affiliates
- Details of politicians and party members
The individual behind the attack framed the breach as a protest against the current political situation in Spain, urging citizens to take action. They claim to have previously reported critical security vulnerabilities to Spanish governmental institutions without malicious intent. This incident raises serious concerns about the cybersecurity posture of political organizations and the potential for politically motivated cyberattacks to expose sensitive personal and internal data.
