A threat actor using the alias B4baYega has listed a sensitive dataset allegedly stolen from the Moroccan Ministry of National Education on a dark web forum. The post advertises a wide range of education-related documents collected over two decades, between 2003 and 2024.
According to the threat actor, the dataset includes files in multiple formats—.xlsx, .doc, .docx, .zip, and .rar—but does not provide admin-level access. However, they also claim that the buyer will receive a method to extract more data, suggesting ongoing access or vulnerability.
The post includes a sample of the leaked data, written in Arabic, appearing to contain student records or institutional data. The seller, who has built some reputation on the forum with 110 REP and 27 credits, included a session hash and Telegram contact for interested buyers.
This leak, while not providing admin access, still presents a major concern for the education sector in Morocco. The potential exposure of student, staff, or institutional data spanning over 20 years could lead to widespread identity theft, academic fraud, and social engineering attacks targeting the ministry or its partners.
Authorities in Morocco need to investigate the source of the breach and assess the sensitivity of the exposed records. Institutions under the Ministry of Education should also review access controls and implement additional security measures to prevent further leaks.