Dark Web News Analysis
Cybersecurity intelligence from February 16, 2026, has identified a critical server-side compromise involving grancabot.es. A threat actor on a major hacker forum has announced a successful intrusion into the website’s backend, claiming to have achieved full Administrator Access.
The threat actor has released a sample of the exfiltrated database to prove the validity of the breach. The leaked information and the actor's accompanying claims include:
- Contact Lists: Full names, verified email addresses, and phone numbers of customers or subscribers.
- Server-Side Backdoor: The actor claims to have uploaded a persistent RCE (Remote Code Execution) file.
- Shared Hosting Risk: The attacker specifically noted that the same server hosts approximately 30 other websites, all of which are now vulnerable to lateral movement and total takeover due to the underlying server-level access.
Key Cybersecurity Insights
The combination of administrator access and RCE on a shared hosting environment represents a “Tier 1” catastrophic risk for small-to-medium enterprises (SMEs):
- The “Shared Server” Domino Effect: In a shared hosting configuration, a single RCE vulnerability on one site (grancabot.es) can be used to “hop” to other tenants on the same physical server. Attackers use this to bypass cross-account restrictions, allowing them to deface, steal data from, or install ransomware on dozens of unrelated businesses simultaneously.
- Persistent Web Shell Access: The deployment of an RCE file (commonly a “Web Shell”) ensures that the attacker maintains access even if the initial entry point (such as a weak admin password or an unpatched plugin) is closed. This allows for long-term Data Draining and the use of the server as a node for sending spam or launching DDoS attacks.
- Identity and Phishing Risk: The exposure of names and phone numbers from a hospitality/tourism context is highly valuable for Spear-Phishing. Scammers can impersonate Gran Cabot staff to send fake “Booking Confirmation” updates or “Payment Refund” requests to trick users into providing credit card details.
- Reputational Sabotage: With admin access, the threat actor can modify the website’s content, inject malicious scripts that infect visitors’ devices (Drive-by Downloads), or redirect traffic to fraudulent phishing portals, causing irreparable damage to the Gran Cabot brand.
Mitigation Strategies
To contain the breach and secure the affected server environment, the following strategies are urgently recommended:
- Immediate Server Isolation and Forensic Cleanup: The hosting provider and Gran Cabot must isolate the compromised server. Conduct a deep scan of the filesystem to identify and remove the RCE web shell and any other unauthorized scripts (e.g., PHP backdoors, .htaccess redirects).
- Global Administrative Credential Rotation: Force a mandatory password reset for all administrative accounts, FTP/SFTP users, and database (MySQL) users. Implement Multi-Factor Authentication (MFA) for the CMS (e.g., WordPress or Joomla) and the hosting control panel (e.g., cPanel or Plesk).
- Vulnerability Patching and Hardening: Identify the initial attack vector—likely an outdated plugin, theme, or a “zero-day” in the CMS. Apply all security updates immediately and implement a Web Application Firewall (WAF) to block future RCE attempts.
- Cross-Tenant Security Audit: If you are one of the other 30 websites hosted on the same server, assume your data is also at risk. Audit your own files for “out-of-place” scripts and reset all credentials immediately.
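A starting point for the filesystem scan and the cross-tenant file audit recommended above, as an added example (not Brinztech tooling and not derived from this incident). The rule names, patterns, extensions and upload-directory names are assumptions chosen for illustration, and every hit is a candidate for manual review, not a confirmed web shell.

```python
import re, tempfile
from pathlib import Path

# Heuristic rules picked for this example (assumptions, not IoCs from the incident).
PHP_RULES = {
    "eval-of-decoded-data": rb"\beval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(",
    "exec-of-request-input": rb"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\([^;]*\$_(GET|POST|REQUEST|COOKIE)",
}
HTACCESS_RULES = {
    "redirect-to-external-url": rb"^\s*(RewriteRule|Redirect(Match)?)\b.*https?://",
    "php-handler-remap": rb"^\s*(AddHandler|AddType|SetHandler)\b.*php",
}
PHP_EXTS = {".php", ".phtml", ".php5", ".phar"}
UPLOAD_DIRS = {"uploads", "upload", "media", "cache", "tmp"}  # assumed directory names

def scan_webroot(root):
    """Return sorted (relative_path, reason) pairs to review by hand."""
    root, findings = Path(root), set()
    for path in root.rglob("*"):  # pathlib's "*" also matches dotfiles such as .htaccess
        if path.is_symlink() or not path.is_file():
            continue
        rel, data = path.relative_to(root).as_posix(), path.read_bytes()[:2_000_000]
        is_htaccess, is_php = path.name == ".htaccess", path.suffix.lower() in PHP_EXTS
        if is_php and UPLOAD_DIRS & {p.lower() for p in rel.split("/")[:-1]}:
            findings.add((rel, "php-file-in-upload-dir"))
        elif not is_php and not is_htaccess and b"<?php" in data:
            findings.add((rel, "php-code-in-non-php-file"))
        for reason, pattern in (HTACCESS_RULES if is_htaccess else PHP_RULES).items():
            if re.search(pattern, data, re.I | re.M):
                findings.add((rel, reason))
    return sorted(findings)

def demo():
    """Scan a constructed, inert sample tree (not files from the breach)."""
    samples = {
        "index.php": b'<?php echo "home"; ?>',
        "uploads/thumb.php": b'<?php eval(base64_decode("ZWNobyAxOw==")); ?>',
        "uploads/logo.png": b'\x89PNG<?php echo 1; ?>',
        ".htaccess": b"RewriteEngine On\nRewriteRule ^(.*)$ https://redirect.example/$1 [R=302,L]\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_webroot(tmp)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}\t{reason}")
```

Legitimate rules, such as an HTTPS canonicalisation redirect, will also match the `.htaccess` patterns, so compare hits against a known-good copy of the site before deleting anything.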
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com