A recent data leak discovered by vpnMentor security researchers and reported by The Register includes most of Ecuador’s 16.6 million population, including 6.7 million children.
The size of the data leak actually totals around 20.8 million user records once duplicate records and even records of deceased persons are factored in.
Most of the data appears to have come from the Ecuadorian government’s civil registry and included personal data to the effect of full names, dates of birth, address details, national identification numbers, marital status, phone numbers, education levels and even bank details such as current balances.
The data also included family trees, civil registration data, financial and employment details and also data on car ownership, with financial data believed to be imported from Banco del Instituto Ecuatoriano de Seguridad Social (BIESS) and car ownership details believed to have come from Asociación de Empresas Automotrices del Ecuador (AEADE).
The source of the leak is reported to be a marketing analytics company, Novaestrat based in Ecuador, although the data was reportedly held on an Elasticsearch server based in Miami.
Although the data has since been secured in collaboration with the Ecuador Computer Emergency Response Team it is unclear currently as to if the data has been used maliciously or exactly who has accessed this data.
Obviously with the level of detail held in this data a lot of harm could be done. Let’s just hope this incident was responded to in time.
As always, if you require any more information on this topic or want to see what vulnerabilities AppCheck can pick up in your website and applications then please get in contact with us: firstname.lastname@example.org
No software to download or install.
Contact us or call us 0113 887 8380