Be Prime Hit by Cyberattack Exposing Client Surveillance Feeds and Data
Mexican IT infrastructure firm Be Prime is responding to a cybersecurity breach after an attacker, operating under the alias "dylanmarly," posted screenshots on a cybercrime forum claiming access to the company’s Cisco Meraki Vision panel. The leaked images allegedly showed live video feeds from client offices, including workspaces monitored by security cameras.
The attacker also claimed to have exfiltrated 12.6 GB of data, including sensitive information from Be Prime’s high-profile clients spanning energy companies, retail chains, and national pharmacies. While Be Prime acknowledged the incident in a LinkedIn statement on Thursday, it did not confirm whether client data was compromised or verify the attacker’s claims about accessing Meraki API keys and thousands of network devices.
According to the company, the breach did not disrupt its operational continuity or client services. Be Prime stated it had activated containment and remediation protocols, working with Cisco Talos to investigate and strengthen security measures. However, the attacker alleged that the breach stemmed from Be Prime’s failure to implement two-factor authentication (2FA) on admin accounts a claim the company has not publicly addressed.
In its statement, Be Prime warned of potential defamation lawsuits against those spreading "inaccurate or out-of-context" information but did not respond to requests for clarification on the attacker’s specific claims. The company has since established a dedicated contact channel for clients seeking updates and reassured stakeholders that further details would be shared as investigations progress.
The incident underscores the risks of unsecured surveillance systems and API vulnerabilities, particularly for firms managing critical infrastructure for major enterprises.
Source: https://www.theregister.com/2026/04/21/be_prime_cctv_leak/
Prime Communications MX cybersecurity rating report: https://www.rankiteo.com/company/prime-communications-mx
Cisco Meraki cybersecurity rating report: https://www.rankiteo.com/company/cisco-meraki
"id": "PRICIS1776775110",
"linkid": "prime-communications-mx, cisco-meraki",
"type": "Vulnerability",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'High-profile clients (energy '
'companies, retail chains, '
'national pharmacies)',
'industry': 'Technology',
'location': 'Mexico',
'name': 'Be Prime',
'type': 'IT Infrastructure Firm'}],
'attack_vector': 'Unsecured admin accounts (lack of 2FA)',
'customer_advisories': 'Dedicated contact channel established for clients',
'data_breach': {'data_exfiltration': '12.6 GB of data allegedly exfiltrated',
'sensitivity_of_data': 'High (client surveillance feeds, '
'business data)',
'type_of_data_compromised': 'Live video feeds, sensitive '
'client data'},
'description': 'Mexican IT infrastructure firm Be Prime is responding to a '
'cybersecurity breach after an attacker, operating under the '
"alias 'dylanmarly,' posted screenshots on a cybercrime forum "
'claiming access to the company’s Cisco Meraki Vision panel. '
'The leaked images allegedly showed live video feeds from '
'client offices, including workspaces monitored by security '
'cameras. The attacker also claimed to have exfiltrated 12.6 '
'GB of data, including sensitive information from Be Prime’s '
'high-profile clients spanning energy companies, retail '
'chains, and national pharmacies.',
'impact': {'data_compromised': '12.6 GB of data, live video feeds from client '
'offices',
'legal_liabilities': 'Potential defamation lawsuits',
'operational_impact': 'No disruption to operational continuity or '
'client services',
'systems_affected': 'Cisco Meraki Vision panel, network devices'},
'initial_access_broker': {'entry_point': 'Unsecured admin accounts (lack of '
'2FA)',
'high_value_targets': 'Meraki API keys, network '
'devices'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Risks of unsecured surveillance systems and API '
'vulnerabilities',
'post_incident_analysis': {'corrective_actions': 'Working with Cisco Talos to '
'strengthen security '
'measures',
'root_causes': 'Failure to implement 2FA on admin '
'accounts, unsecured surveillance '
'systems'},
'recommendations': 'Implement two-factor authentication (2FA) on admin '
'accounts, secure API keys',
'references': [{'source': "Cybercrime forum post by 'dylanmarly'"},
{'source': 'Be Prime LinkedIn statement'}],
'regulatory_compliance': {'legal_actions': 'Potential defamation lawsuits'},
'response': {'communication_strategy': 'LinkedIn statement, dedicated contact '
'channel for clients',
'containment_measures': 'Activated containment protocols',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Strengthening security measures',
'third_party_assistance': 'Cisco Talos'},
'stakeholder_advisories': 'Reassurance of further updates as investigations '
'progress',
'threat_actor': 'dylanmarly',
'title': 'Be Prime Hit by Cyberattack Exposing Client Surveillance Feeds and '
'Data',
'type': 'Data Breach',
'vulnerability_exploited': 'Meraki API keys, unsecured surveillance systems'}