Cybersecurity researchers Noam Rotem and Ran Locar at vpnMentor have uncovered a terrifying personal data leak. They found in the public domain personal data of all Ecuador residents.
According to rough estimates, personal information of the entire population of Ecuador was compromised.According to experts, 20.8 million records, with total size of 18 GB, lay in open form on a server located in Miami. The server appears to be owned by Ecuadorian company Novaestrat.
Novaestrat is a consulting company that provides services in data analytics, strategic marketing, and software development.
It is known that the population of Ecuador is 16.6 million – therefore, experts suggested that the data of all residents of the South American country turned out to be compromised.
“Most of the affected citizens live in Ecuador. However, it was not possible to find out the details at this stage. Apparently, the open database contained information obtained from external sources. One of these sources could be state registries and the National Bank of Ecuador”, – reported in the vpnMentor report.
Individuals in the database are identified by a ten-digit identification code. In some places in the database, the same ten-digit code is called “cedula” and “cedula_ruc”. To verify the authenticity of the database, the researchers launched a search with a random identification number. By doing this, they were also able to find a variety of confidential personal information.
Interestingly, among the leaked data was information about Julian Assange.
In 2012, Assange received political asylum in Ecuador and lived at the Ecuadorian Embassy in London until April 2019. British law enforcement officials arrested Assange at the embassy after Ecuador withdrew the decision to grant political asylum, claiming Assange repeatedly violated their conditions.
Read also: Iranian hacker group Cobalt Dickens attacked over 60 universities around the world
The unprotected database contained a whole range of various information, including: full name, gender, date and place of birth, home address, email address, phone numbers (both work and home with mobile ones), education, date of marriage, date death (if any), job information.
Once data has been exposed to the world, it can’t be undone. The database is now closed, but the information may already be in the hands of malicious parties.
This kind of data breach could have been prevented with some basic security measures. No matter what the size of your company is, you should always use the following security practices:
- Secure your servers
- Implement appropriate access rules
- Require authentication to access all systems
User Review
( votes)
