Portuguese 
English 
Spanish 
4 min of reading 
0 comments 
With a Model Fit for Big Companies, a Young Man Developed a Digital Framework That Sold Confidential Information on a Large Scale Without Raising Suspicion
Imagine someone 21 years old setting up a business as well-structured as a successful fintech, but instead of selling subscriptions or legal products, sold his private life: social security number, phone number, address, school history, and even banking data. That’s exactly what José Luis Huertas, better known as Alcasec, the Spanish hacker who created a true crime business complete with a customer service bot, cryptocurrency payments, and an automated database, did.
Far Beyond a Simple Hacker
Alcasec became known after being arrested in 2023 in Spain. But contrary to the stereotype of the solitary teenage hacker with a laptop in a basement, he had developed an extremely sophisticated criminal business infrastructure. His platform, named Udyat – The Eye of Horus, functioned like a sort of personal data marketplace, resembling the structure of companies like Netflix or Amazon rather than an illegal deep web site.
According to the National Police of Spain, the system was capable of operating continuously, with automatic data capture and segmentation, category-based sales, and service via an encrypted bot 24 hours a day, 7 days a week.
ARTICLE CONTINUES BELOWSee also
A woman went out for a regular walk and ended up finding a treasure buried for over 900 years, with more than 2,000 medieval silver coins compared by archaeologists to a lottery prize and considered one of the most significant finds in recent years in the country.
Scientists revealed 11 signs that very intelligent people exhibit in their daily lives, and most people have no idea that some of these common behaviors are directly linked to an above-average brain.
From space, Buenos Aires appears as a colossal spot of light surrounded by kilometers of darkness, revealing at a single glance the exact boundary between the metropolis and the countryside, seen from 400 km altitude.
NASA spent over 118 million reais to build a single bathroom that works in zero gravity, and it has just gone to space on the first crewed mission to the Moon in more than 50 years.
The Functioning of the Platform: An E-commerce of Privacy Violation
In practice, the “customer” would enter the platform, choose the type of information they wanted to buy — such as data from individuals or companies — and make the payment with cryptocurrency. Everything was anonymous, fast, and functional. The site offered access to databases that included:
- Phone numbers and addresses of millions of Spanish citizens;
- Customer records from mobile operators;
- Information on public transport passes in Madrid;
- Civil registry data and even pet registrations;
- Data on students from educational institutions.
A true parallel market for personal data, treated with the casualness of a legitimate service.
A Real Threat to Public Safety
The Spanish police classified the organization as a “structural threat” with the risk of economic and strategic destabilization. And it’s not an exaggeration: the platform operated with such naturalness and efficiency that even Spanish public agencies were breached without realizing it.
The most serious issue? The model was scalable. Alcasec didn’t need to breach a new system every week. His bots were already programmed to extract information in real time, classify it by categories, and make it available to customers automatically.
Profits Worthy of a Successful Startup
The numbers are impressive. The estimate is that Alcasec earned over 1.8 million euros from data sales, according to the Spanish newspaper El Confidencial. On his devices, 32,943 bitcoins — equivalent to millions of euros — were found, and between December 2021 and February 2022, he received cryptocurrency transfers worth 365,000 euros.
In addition, the structure also had:
- Cloud storage;
- Automated billing system in crypto;
- Customer service bot integrated with social media;
- Intuitive interface and design similar to legal companies.
Dangerous Relationships: Politics and Consultancy Front
One of the most controversial points of the case involves former Secretary of State of Spain, Francisco Martínez, whose name was used by the network as a front to simulate a legitimate digital security consultancy. This served to launder the criminal operation and give an appearance of legality to contracts with third parties — something that is still being investigated by authorities.
What Does This Have to Do with Brazil?
Cases like Alcasec’s raise alarms in Brazil, which also faces increasing problems with leaks and trade of personal data. The General Data Protection Law (LGPD) has been in effect since 2020, but there are still many loopholes and little effective oversight. Moreover, cyber crimes involving cryptocurrency, the deep web, and social engineering have increased in Brazil in recent years, as reported in a Kaspersky report.
If a 21-year-old was able to set up an operation of this scale in Europe, what’s to stop something similar from happening right now in Brazilian territory?
What Can We Learn from This?
The Alcasec case is yet another warning sign about the risks of digital exposure and how easily our information can be bought by anyone with access to the internet and some cryptocurrency. It also reinforces the urgency for stronger measures of digital education, investment in cybersecurity, and oversight of companies that handle sensitive data.
Seja o primeiro a reagir!