Hackers Leak Allegedly Stolen Telefónica Data

A hacker is threatening to release 106 GB of data allegedly stolen from Spanish telecommunications giant Telefónica, though the company firmly denies any recent breach or data compromise.

The threat actor, operating under the alias “Rey,” claims the intrusion occurred on May 30, during which over 12 hours of data exfiltration took place before access was cut off. So far, a 2.6 GB sample archive has been leaked—unpacking to over 20,000 files and roughly 5 GB in total.

Hacker’s Claims vs. Telefónica’s Denial

Rey, linked to the extortion group Hellcat, claims to have stolen 385,311 files (106.3 GB) that allegedly include:

• Internal communications (tickets, emails)
• Supply orders
• System logs
• Customer records
• Employee data

Telefónica, however, maintains that the material is not new and stems from a January 2025 breach, when Hellcat exploited a misconfigured Jira development server. The company insists that no new intrusion occurred, dismissing the threat as a repackaged extortion attempt.

Evidence and Discrepancies

To support their claims, Rey shared sample files with journalists, including:

• Business client invoices from Hungary, Germany, Spain, Chile, and Peru
• Internal employee emails from Spain, Germany, Peru, Argentina, and Chile
• Billing records tied to European commercial partners

However, analysis of the leaked sample revealed that the most recent file dates to 2021—lending credence to Telefónica’s statement that the data is outdated.

Telefónica’s response: “This is an extortion attempt using old data.”

Hacker’s Ultimatum

Despite the company’s denial, Rey escalated the campaign, publicly announcing:

“Since Telefónica denies the 106 GB leak from their internal systems, I’m releasing 5 GB as proof. Full file tree coming soon. If demands aren’t met, the entire archive drops in weeks.”

The hacker has not specified what demands have been made.

Distribution Tactics

The initial archive was uploaded to PixelDrain, which was quickly removed for legal reasons. It was later reuploaded to Kotizada, a lesser-known file-sharing platform that has since been flagged as malicious by Google Chrome.

Key Takeaways

• The hacker group Hellcat, linked to Rey, previously breached Telefónica in January 2025.
• Some leaked files include currently active employee emails, casting doubt on Telefónica’s claim of exclusively old data.
• The alleged Jira misconfiguration as the original attack vector remains unverified.
• Telefónica has yet to issue a formal press release beyond its brief denial.
• The authenticity and recency of the 106 GB archive remain under scrutiny.