Data leak exposes sensitive data of all Ecuador ‘citizens

Experts discovered a huge data leak affecting Ecuador, maybe the largest full-country leak, that exposed data belonging to 20 million Ecuadorian Citizens.

Security experts at vpnMentor have discovered a huge data leak affecting Ecuador that exposed data belonging to 20 million Ecuadorian Citizens.

Data were left unsecured online on a misconfigured Elasticsearch server, exposed data includes full PII, marital status and date of marriage, level of education, financial info, and more.

Maybe this is the largest full-country leak, it affects the whole country and the exposure of such data pose a severe threat to Ecuadorian citizens.

“vpnMentor’s research team has found a large data breach that may impact millions of individuals in Ecuador. The leaked database includes over 20 million individuals.” reads the post published by vpnMentor.

“Led by Noam Rotem and Ran Locar, our team discovered the data breach on an unsecured server located in Miami, Florida. The server appears to be owned by Ecuadorian company Novaestrat.“

Leaked data include citizens’ financial records and car registration information.

The personal records of most of Ecuador’s population, including children, has been left exposed online due to a misconfigured database, ZDNet has learned.

The server contained a total of 20.8 million user records (18 GB of data), more than the country’s total population (16.6 million), likely due to the presence of duplicate records and data of deceased citizens.

The analysis of the indexes revealed that the database is composed of data gathered from government sources (most from Ecuadorian government) and data gathered from private databases.

“Individuals in the database are identified by a ten-digit ID code. In some places in the database, that same ten-digit code is referred to as “cedula” and “cedula_ruc”.” continues the post.

“In Ecuador, the term “cédula” or “cédula de identidad” refers to a person’s ten-digit national identification number, similar to a social security number in the US.

The term “RUC” refers to Ecuador’s unique taxpayer registry. The value here may refer to a person’s taxpayer identification number.”

The experts found within the leaked records an entry for WikiLeaks founder Julian Assange that also includes the “cedula.”

Experts also found million of entries for children under the age of 18 that contained names, cedulas, places of birth, gender, home addresses.

The data base was secured on September 11, 2019, after vpnMentor notifies its discovery to the Ecuador CERT (Computer Emergency Response Team) team.

Give a look at the full report at https://www.vpnmentor.com/blog/report-ecuador-leak/

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Ecuador, data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.