Let's see how we can help you!
Leave a message and our dedicated advisor will contact you.
Send us a message
0/10000
Massive Data Breach on Spanish E-learning Platform: 6 Million Users at Risk
Published: 00:00 10/04/2025
Incydenty
Spanish Education Sector Targeted by Hackers
The cybersecurity world has been shaken once again, and this time the epicenter of the tremors is in Spain. A local, unnamed e-learning platform has become the target of an attack, resulting in the data of over 6 million users falling into the wrong hands. This is yet another proof that even a virtual school does not exempt one from the duty of ensuring digital security.
What Was Stolen and Where Did It Go?
According to the Spanish CERT (INCIBE), the stolen database is a real treasure trove for cybercriminals. It contains:
- Full names of users,
- Email addresses (both personal and professional),
- Hashed passwords (using the bcrypt algorithm),
- Phone numbers,
- Information about social media profiles,
- Details regarding completed courses.
What's worse, this entire data package has been put up for sale on a popular hacker forum. It's like opening Pandora's box—the stolen information can be used for further, more targeted attacks such as phishing, identity theft, or account takeovers on other services.
Response and Recommendations
INCIBE took immediate action, informing the affected company and law enforcement agencies. Unfortunately, the name of the platform has not been made public, which makes it difficult for users to verify if their data is at risk.
This event should be an alarm bell for everyone. If you use any educational platforms, now is the perfect time to proactively change your password and enable two-factor authentication (2FA) wherever possible. Remember, in the online world, it's always better to be safe than sorry!
This is another in a series of major data breaches – we previously wrote about the 15-million record VoyageSecure breach. Regulations like the NIS2 Directive require companies to implement appropriate security measures precisely to prevent such incidents.
Source: Security Affairs
Aleksander
About the Author
Aleksander Zębrowski
Chief Technology Officer at SecurHub.pl
PhD candidate in neuroscience. Psychologist and IT expert specializing in cybersecurity.
Related Articles
Incydenty
Vacation Canceled? Massive Data Breach at Travel Site VoyageSecure!
The data of millions of customers of the popular booking platform VoyageSecure, including travel histories and contact details, has been put up for sale on the darknet after hackers exploited a cloud misconfiguration.
24.09.2025
4 min
Incydenty
Buying an apartment and losing your identity? What the Dom Development data breach teaches us
The high-profile cyberattack on one of Poland's largest developers is more than just another leak. It's a story of how your entire family's data, from PESEL numbers to salaries, could have fallen into the wrong hands. We analyze what this means and how to protect yourself.
16:21 11.12.2025
17 min
Incydenty
Record DDoS Attack in Europe: Threat from IoT and MikroTik Routers
FastNetMon thwarted one of the largest DDoS attacks in Europe, reaching 1.5 billion packets per second, originating from thousands of infected IoT devices.
12.09.2025
3 min
Comments
Loading comments...