Spanish Company Housfy Breached, Hackers Announce Selling Access to Admin, VPN, Database

• A post on a hacker forum announced the Spanish firm Housfy had been hit by a data breach.
• They advertised the sale of access to the real estate firm’s administration panel, VPN, and a database.
• The exposed data allegedly includes IDs, full names, email addresses, phone numbers, and identity document numbers. 

Spain-based real estate platform Housfy has reportedly suffered a data breach, with a threat actor known as "hikaru" claiming responsibility and selling access to Housfy’s administration panel, VPN credentials, and an extensive database containing sensitive information.  

The leaked database allegedly includes over 300,000 rows of data, compromising both customer and employee details. 

According to "hikaru," fields in the stolen dataset encompass critical identifiers such as IDs, full names, email addresses, phone numbers, and identity document numbers. 

While Housfy has yet to confirm the data breach publicly, the claims raise serious cybersecurity concerns, particularly given the sensitivity of the information involved.  

Cybercriminal forums have seen increased chatter around breaches of this nature, with attackers leveraging such data to enable identity theft, phishing attacks, and other malicious activities. 

In June, a threat actor using the alias MazingerZ exfiltrated a CSV file containing over 800,000 rows from Spanish insurance company Ocaso Seguros, and a threat actor known as “Cargo” claimed to have stolen employee login credentials from the Policía Nacional.

Also, the Qilin ransomware gang has publicly claimed responsibility for breaching the Kerrville Independent School District, based in Texas and exfiltrating sensitive data.