Last night the right-wing political party known as Vox (the Voice), founded in Madrid, Spain in 2013, was hacked by a group of Anonymous going by the name of “La Nueve.” In a posting on Twitter, La Nueve explained that they carried out the attack to troll new GDPR laws designed to encrypt and protect user data online, stating that “The RGPD-GDPR will not be applied to this gang. They will say that their data was protected and encrypted (false, passwords in plane or in MD5)” but it wasn’t. To prove this, La Nueve leaked “sensitive tables and about 30,000 records” online last night.
What makes the hack even more entertaining is the fact that La Nueve actually gave Vox greater than 20 hours heads up that an attack was immanent, and site administrators still weren’t able to harden or protect their servers in time.
Spanish authorities have verified the legitimacy of the hack/leak. According to the Telematics Crimes Unit of the Civil Guard, though the site was hacked, La Nueve was only able to gain “access to the records of registered of the users who have signed up for Vox’s website to receive updates/information” about important political events or releases. Adding “that the group has accessed party information, but not to the data of the affiliates or donors” – which “are hosted on other, more secure servers.” The event marked the second time in the last 2 months that Vox’s servers were either taken down or compromised.
Website Effected: hxxp://voxespana.es