Data Breach Shakes Spanish Political Landscape
Recently, the National Police arrested two young men for their involvement in the data breach affecting Pedro Sánchez and other high-ranking officials in the Spanish government. This incident marks a significant event in cybersecurity history, as it involved a massive data leak that authorities describe as a “very serious threat to national security.” Surprisingly, the orchestrators of this breach are not part of a sophisticated hacking syndicate; rather, they are two 19-year-old residents of the Canary Islands who leveraged a bot sold on Telegram.
@Akkaspace and @pakito are the online aliases of the two individuals involved in this data breach. The ringleader, Yoel (Akkaspace), is currently a computer science student. He was apprehended at his residence on July 1, and his accomplice, Cristian (Pakito), was also taken into custody. Cristian reportedly assisted Yoel in promoting his activities. As of July 3, they were released after authorities launched ongoing investigations into potential terrorism charges. They must appear in court twice a month while the inquiry is active.
The Bot: This hacking tool played a crucial role in the data breach. The bot allowed the young hackers to scour previously compromised databases, taking advantage of pre-existing vulnerabilities within various organizations. Security expert Rafael López elaborated in an interview that this breach was not a typical hacking operation, as it relied heavily on Open Source Intelligence (OSINT). In a revealing Twitch interview, Yoel stated:
“With a bot that I have, I can essentially access everything. If you purchase the bot and search for a full name, phone number, or ID, you can retrieve all the associated information. This is how I have gathered data on politicians.”
The Filtration: The cybersecurity investigation began on Telegram, where @Akkaspace and @pakito used a channel with over 90,000 members to disseminate the personal data of public officials. While they initially targeted only seven prominent figures, their activities escalated, ultimately affecting an array of politicians, including the Prime Minister himself. The leaked data contains sensitive information such as birth dates, phone numbers, identification numbers, and even home addresses, although some of this data may be outdated.
Motivation: When Yoel stated, “We are just two bored kids,” during his Twitch livestream, he dismissed any ideological motivations behind the leakage. He mentioned the ongoing conversations regarding political corruption as a potential reason: “Given the current political environment, why not expose these politicians’ information? It serves as a lesson.” However, sources suggest that economic incentives played a vital role in their actions. Yoel sold the compromised databases and the bot itself for payment in Bitcoins .
An Undercover Operation: The National Police employed an undercover agent who managed to purchase access to the database for a mere 60 euros paid in Bitcoins . Cristian or @Pakito was reportedly responsible for managing their cryptocurrency portfolio, although the total earnings from their illegal activities remain undisclosed.
As the lines between personal privacy and the digital age continue to blur, this incident raises profound questions about the ethical implications of data security. The involvement of such young individuals underscores the urgent need for increased cybersecurity measures across government and corporate sectors worldwide. The ramifications of this breach may resonate far beyond the immediate fallout, impacting public trust in institutions designed to protect sensitive information.

