Ecuador: A Nation Hacked

Uploaded on 2019-09-20 in TECHNOLOGY--Hackers, GOVERNMENT-National, GOVERNMENT-Law Enforcement, FREE TO VIEW

The personal data of every citizen of Ecuador has been leaked online in a catastrophic data breach.  The names, phone numbers, and financial information of approximately 17 million Ecuadoreans were found on an unsecured cloud server by researchers working on a web-mapping project at security company vpnMentor.

The Ecuadorian government’s police force has now arrested a senior executive of data analytics firm Novaestrat in connection with the massive data breach.

Police raided Novaestrat's office and have apprehended William Roberto G., the company's legal representative, in his office.
The authorities claimed that Novaestrat, a small online data consulting firm based in the city of Esmeraldas, was not authorised to be in possession of the vast amount of data it had, adding that there’s sufficient grounds to charge the company and its executives with the violation of privacy of people and disseminating personal data without authorisation.

The officials added that they were investigating how Novaestrat was able to gather such a large amount of confidential, personal data. 

Initial findings of the probe suggested that the company didn't hack any government server and likely gained access to the data between 2015 and 2017, when it received several government contracts. This enormous 18GB cache of data included personal information relating to individuals who were deceased as well as to the country's living population of 17 million. Personal information relating to 6.7 million Ecuadorean children was among the data leaked.

Exposed files revealed a large amount of sensitive personally identifiable information, such as family records, marriage dates, education histories, employment records, and official ten-digit government ID numbers.

"This data breach is particularly serious simply because of how much information was revealed about each individual," Noam Rotem and Ran Locar wrote from vpnMentor. "Scammers could use this information to establish trust and trick individuals into exposing more information." 

Tax records and financial records revealing the account balances of customers of a large Ecuadorean bank were among the data breached. 

Rotem and Locar wrote, "Although the exact details remain unclear, the leaked database appears to contain information obtained from outside sources. These sources may include Ecuadorian government registries, an automotive association called Aeade, and Biess, an Ecuadorian national bank."

A simple search of the leaked data would enable anyone to put together a list of wealthy Ecuadoreans that would be the envy of kidnappers everywhere. 

Taken as a whole, the data revealed not just who had large amounts of money in the bank but also where they lived, if they were married, if they had children, what cars they drove, and the license plates of their vehicles. Within the leaked records researchers also found an entry and national identification number for WikiLeaks founder Julian Assange, who was granted political asylum by Ecuador in 2012. 

Rotem and Locar found the exposed data in a number of files saved on a server located in Miami, Florida, which was set up and maintained by the Ecuadorian marketing and analytics company.

After discovering the data cache, vpnMentor contacted Novaestrat. The Ecuador Computer Emergency Security Team restricted access to the unsecured server on September 11, 2019.  The breach follows a similar incident that took place recently in another South American country. In August this year, a server was found that exposed the voter records of 80% of Chile's 14.3 million citizens.

Infosecurity:        Computing

You Might Also Read:

Bermuda Super Rich Hack:

 

 


 

 

« AI - Driven Warfare Using Robots
The Technology Of Human Robotics »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Ground Labs

Ground Labs

Ground Labs is a security software company dedicated to making sensitive data discovery products that help organisations prevent sensitive data loss.

Intertek Group

Intertek Group

Intertek Group provides Assurance, Testing, Inspection and Certification services. Activities include cybersecurity testing and certification.

Swiss Re

Swiss Re

Swiss Re Group is a leading wholesale provider of reinsurance, insurance and other insurance-based forms of risk transfer including cyber risk.

Cybersecurity Association of Maryland (CAMI)

Cybersecurity Association of Maryland (CAMI)

CAMI’s mission is to create a global cybersecurity marketplace in Maryland and generate thousands of high-pay jobs through the cybersecurity industry.

KeepSolid

KeepSolid

KeepSolid is a Virtual Private Network services provider offering secure encrypted access to the internet.

Smarttech247

Smarttech247

Smarttech247 deliver a range of cyber security solutions, including cognitive security services using IBM Watson for Cybersecurity, SIEM, Compliance & Governance, and Penetration Testing.

Xperien

Xperien

Xperien is a leading South African Information Technology Asset Disposition (ITAD) company.

European Cyber Security Conference

European Cyber Security Conference

EU Cyber Security Conference will debate what Europe’s response to evolving threats in a dynamic global risk landscape should look like and what the next steps for all actors of the ecosystem.

Argo Group

Argo Group

Argo is an international underwriter of specialty insurance. Argo Cyber offers a full spectrum of coverage solutions related to professional and technology services.

Citalid

Citalid

The Citalid cyber risk management platform combines threat and business intelligence to identify the risks scenarios you face.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

SharkStriker

SharkStriker

SharkStriker is a US based managed security services provider with SOCs and offices across the globe.

Aite-Novarica Group

Aite-Novarica Group

Aite-Novarica's Cybersecurity practice provides ongoing research and advisory services to chief information security officers focused on protecting their companies’ assets.

Advent One

Advent One

Advent One are recognised for solving intricate dilemmas, not only making technology work but building foundations that customers can grow upon in an effective and secure way.

ISO WISH

ISO WISH

Take your Business to the Next Level with ISO Certification in UAE.