What Happened
In October 2025, a claimed data breach at MX Zambrana, a Spanish off-road and motorcycle equipment retailer, exposed the personal identifiable information (PII) of approximately 25,000 customers, including full names, order details (such as addresses, phone numbers, and DNI Spanish national ID numbers), and password hashes (14,000 in vulnerable MD5 format and 9,000 in bcrypt). The dataset, leaked in CSV format by a user named “frog” on underground forums like LeakBase.la, circulated on breach-sharing sites, raising risks of account cracking due to weak hashing on many passwords. No specific breach date or method of compromise was detailed, and it does not match any March 2025 incidents listed elsewhere.
