A major data breach affecting ISMAC (Institut Supérieur des Métiers de l’Audiovisuel et du Cinéma) in Morocco has surfaced on a dark web forum. The threat actor behind the post, identified as “iCap0ne”, is selling a 70MB SQL dump containing 1,034,534 records, allegedly extracted from ISMAC’s academic and applicant database.
The data leak, dated April 13, 2025 offers both standard and exclusive purchase options:
- Standard Access: $400
- Exclusive Rights: $1,200 (guaranteed single buyer with post removal)
According to the threat actor’s post, the breached database contains:
- Applicant Information: Full names, emails, phone numbers, physical addresses, birth dates, nationalities, and official IDs (CINs, passports).
- Pre-registration Records: Academic background, baccalaureate series and distinctions, and selected programs.
- Payment Information: Transaction amounts (in MAD), receipt numbers, registration IDs, and associated dates.
- Account Security Details: Password reset tokens, associated emails, and key expiration timestamps.
The actor claims the SQL dump is “clean” with minimal cleanup required, indicating a potentially direct export from the database. Notably, the dataset includes both Moroccan and Central African nationals, expanding its potential value.
What are the Risk Implications?
This breach poses significant risks across various domains:
- Identity Theft & Fraud: Exposure of national IDs and passport numbers increases the likelihood of impersonation or forgery.
- Credential & Access Abuse: The presence of password reset tokens and email links could open doors to account hijacking.
- Social Engineering: Leaked academic and financial records could be used for phishing, scam calls, or targeted fraud schemes.