Unlock Exclusive Cyber Threat Intelligence
Powered by DarkWebInformer.com
Foundational access to breach intelligence. Track breaches, leaks, and threats in real time with high quality screenshots and concise expert summaries.
Continuously updated breach reports and threat summaries.
Daily breach, leak, and DDoS alerts.
Live tracking with JSON export.
Direct access to claims and posts.
Concise summaries of DDoS, defacements, and breaches.
Verified index of dark web sites and services.
Live status of 500+ sites.
Integrated checks inside breach posts.
Uncompressed, watermark free evidence.
Browser alerts for tracked terms.
Stay in the loop across channels.
Verified PGPs for ransomware and threat groups.
🏢 About JAPAY
The Junta de Agua Potable y Alcantarillado de Yucatán (JAPAY) is the state-level water and sanitation utility provider for Yucatán, Mexico. It manages water supply, billing, and infrastructure for both residential and commercial clients.
⚠ Disclaimer
This report includes actual screenshots and/or text that may include unredacted personally identifiable information (PII) gathered from publicly available sources.
The sensitive information presented within this report is intended solely for cybersecurity awareness and threat intelligence purposes.
📌 Overview
On August 21, 2025, a threat actor known as Eternal claimed responsibility for selling a large dataset allegedly belonging to JAPAY, Mexico’s Yucatán water utility service.
The actor claims the dataset contains over 400,000 records, including sensitive customer and organizational details such as tax information, cadastral and physical addresses, water meter numbers, billing, and consumption data.
The leak was advertised on underground forums, with Eternal setting a sale price of $500 USD or a “ransom” price of $10,000 USD for data withdrawal.
📊 Key Details
| Attribute | Information |
|---|---|
| Date | 2025-08-21 |
| Threat Actor | Eternal |
| Victim Country | 🇲🇽 Mexico |
| Industry | Energy & Utilities |
| Victim Org. | JAPAY (Junta de Agua Potable y Alcantarillado de Yucatán) |
| Victim Site | japay.yucatan.gob.mx |
| Category | Data Breach |
| Severity | Medium |
| Network | Open Web |
![IOC Alert: Lumma Stealer C2 Domain Identified – larpfxs[.]top](/content/images/size/w1304/format/webp/2025/08/23985762398576198764252-1.jpg)
){kind=link}