New attack analysis: What you need to know about the Endesa data breach

Outpost24 analyzed an alleged January 2026 Endesa breach in which a threat actor offering aliases “glock”/“spain” advertised a Salesforce-origin dataset of over 20 million customers containing identity, contractual and payment details; the report attributes likely initial access to compromised legitimate credentials enabling backend/API exports, documents the actor's forum and Telegram activity, assesses dataset filenames/structure as consistent with CRM/Data Cloud exports, and recommends continuous credential exposure monitoring, token revocation, and tighter IAM controls.