Iberdrola, BePrime, ArcelorMittal and Alsea: Breach at cybersecurity company exposes client data and surveillance systems

BePrime Cyberattack Exposes 12.6GB of Data, Highlights Critical Security Failures

A Mexico-based cybersecurity firm, BePrime, suffered a major breach after attackers allegedly exploited unprotected administrator accounts lacking multifactor authentication (MFA). The incident, disclosed by the threat actor on a cybercrime forum, resulted in the theft of 12.6GB of sensitive data, including plaintext credentials, transaction records, and security audit reports detailing vulnerabilities in client systems.

The attacker claimed to have compromised 1,858 network devices, primarily Cisco Meraki switches and routers, using stolen credentials and API keys, granting access to traffic from over 2,600 connected devices. Among BePrime’s high-profile clients are energy giant Iberdrola, industrial firm ArcelorMittal, and retail operators like Alsea (Starbucks, Domino’s, and Vips). The breach also exposed live video surveillance feeds, with screenshots of internal panels shared as proof of the intrusion.

Security experts, including hacker Alberto Daniel Hill, emphasized the severity of the incident, noting that the lack of basic protections like 2FA in a cybersecurity provider erodes trust. The exposure of penetration test reports outlining client vulnerabilities further amplifies risks, particularly for critical infrastructure sectors like energy. Hill warned that unauthorized access to such systems poses a direct threat to Mexico’s national security.

BePrime confirmed the breach in a statement but provided limited details, stating only that containment and remediation protocols were activated. The company asserted no operational impact on clients but faced criticism for its response, including threats of legal action against journalists reporting on the incident. The attack underscores the dangers of overlooked security fundamentals, even within firms tasked with protecting others.

Source: https://www.escudodigital.com/en/cybersecurity/breach-at-cybersecurity-company-exposes-client-data-and-surveillance-systems.html

BE PRIME cybersecurity rating report: https://www.rankiteo.com/company/be-prime

Iberdrola cybersecurity rating report: https://www.rankiteo.com/company/iberdrola

Alsea cybersecurity rating report: https://www.rankiteo.com/company/alsea

ArcelorMittal cybersecurity rating report: https://www.rankiteo.com/company/arcelormittal

"id": "BE-IBEALSARC1776666624",
"linkid": "be-prime, iberdrola, alsea, arcelormittal",
"type": "Cyber Attack",
"date": "4/2026",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'customers_affected': 'Iberdrola, ArcelorMittal, Alsea '
                                              '(Starbucks, Domino’s, Vips)',
                        'industry': 'Cybersecurity',
                        'location': 'Mexico',
                        'name': 'BePrime',
                        'type': 'Cybersecurity Firm'}],
 'attack_vector': 'Exploitation of unprotected administrator accounts (lack of '
                  'MFA)',
 'data_breach': {'data_exfiltration': '12.6GB of data stolen',
                 'sensitivity_of_data': 'High (includes client vulnerabilities '
                                        'and sensitive credentials)',
                 'type_of_data_compromised': ['Plaintext credentials',
                                              'Transaction records',
                                              'Security audit reports',
                                              'Live video surveillance feeds']},
 'description': 'A Mexico-based cybersecurity firm, BePrime, suffered a major '
                'breach after attackers exploited unprotected administrator '
                'accounts lacking multifactor authentication (MFA). The '
                'incident resulted in the theft of 12.6GB of sensitive data, '
                'including plaintext credentials, transaction records, and '
                'security audit reports detailing vulnerabilities in client '
                'systems. The attacker compromised 1,858 network devices '
                'primarily Cisco Meraki switches and routers using stolen '
                'credentials and API keys, granting access to traffic from '
                'over 2,600 connected devices. The breach also exposed live '
                'video surveillance feeds.',
 'impact': {'brand_reputation_impact': 'Erodes trust in the cybersecurity '
                                       'provider',
            'data_compromised': '12.6GB of sensitive data',
            'operational_impact': 'No operational impact on clients (claimed '
                                  'by BePrime)',
            'systems_affected': '1,858 network devices (Cisco Meraki switches '
                                'and routers), 2,600+ connected devices'},
 'initial_access_broker': {'entry_point': 'Unprotected administrator accounts',
                           'high_value_targets': 'Cisco Meraki switches and '
                                                 'routers, client '
                                                 'vulnerabilities'},
 'lessons_learned': 'Lack of basic protections like MFA in a cybersecurity '
                    'provider erodes trust and poses significant risks, '
                    'especially for critical infrastructure sectors.',
 'post_incident_analysis': {'root_causes': 'Lack of multifactor authentication '
                                           '(MFA) on administrator accounts, '
                                           'poor credential management'},
 'ransomware': {'data_exfiltration': 'Yes'},
 'recommendations': 'Implement multifactor authentication (MFA) for all '
                    'administrator accounts, enhance monitoring of high-value '
                    'targets, and ensure robust incident response '
                    'communication strategies.',
 'references': [{'source': 'Cybercrime forum (threat actor disclosure)'},
                {'source': 'Alberto Daniel Hill (security expert)'}],
 'response': {'communication_strategy': 'Limited details provided; threats of '
                                        'legal action against journalists',
              'incident_response_plan_activated': 'Containment and remediation '
                                                  'protocols activated'},
 'title': 'BePrime Cyberattack Exposes 12.6GB of Data, Highlights Critical '
          'Security Failures',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Lack of multifactor authentication (MFA) on '
                            'administrator accounts'}