BePrime Cyberattack Exposes 12.6GB of Data, Highlights Critical Security Failures A Mexico-based cybersecurity firm, BePrime, suffered a major breach after attackers allegedly exploited unprotected administrator accounts lacking multifactor authentication (MFA). The incident, disclosed by the threat actor on a cybercrime forum, resulted in the theft of 12.6GB of sensitive data, including plaintext credentials, transaction records, and security audit reports detailing vulnerabilities in client systems. The attacker claimed to have compromised 1,858 network devices primarily Cisco Meraki switches and routers using stolen credentials and API keys, granting access to traffic from over 2,600 connected devices. Among BePrime’s high-profile clients are energy giant Iberdrola, industrial firm ArcelorMittal, and retail operators like Alsea (Starbucks, Domino’s, and Vips). The breach also exposed live video surveillance feeds, with screenshots of internal panels shared as proof of the intrusion. Security experts, including hacker Alberto Daniel Hill, emphasized the severity of the incident, noting that the lack of basic protections like 2FA in a cybersecurity provider erodes trust. The exposure of penetration test reports outlining client vulnerabilities further amplifies risks, particularly for critical infrastructure sectors like energy. Hill warned that unauthorized access to such systems poses a direct threat to Mexico’s national security. BePrime confirmed the breach in a statement but provided limited details, stating only that containment and remediation protocols were activated. The company asserted no operational impact on clients but faced criticism for its response, including threats of legal action against journalists reporting on the incident. The attack underscores the dangers of overlooked security fundamentals, even within firms tasked with protecting others.