Ecuador: A Nation Hacked

Uploaded on 2019-09-20 in TECHNOLOGY--Hackers, GOVERNMENT-National, GOVERNMENT-Law Enforcement, FREE TO VIEW

The personal data of every citizen of Ecuador has been leaked online in a catastrophic data breach.  The names, phone numbers, and financial information of approximately 17 million Ecuadoreans were found on an unsecured cloud server by researchers working on a web-mapping project at security company vpnMentor.

The Ecuadorian government’s police force has now arrested a senior executive of data analytics firm Novaestrat in connection with the massive data breach.

Police raided Novaestrat's office and have apprehended William Roberto G., the company's legal representative, in his office.
The authorities claimed that Novaestrat, a small online data consulting firm based in the city of Esmeraldas, was not authorised to be in possession of the vast amount of data it had, adding that there’s sufficient grounds to charge the company and its executives with the violation of privacy of people and disseminating personal data without authorisation.

The officials added that they were investigating how Novaestrat was able to gather such a large amount of confidential, personal data. 

Initial findings of the probe suggested that the company didn't hack any government server and likely gained access to the data between 2015 and 2017, when it received several government contracts. This enormous 18GB cache of data included personal information relating to individuals who were deceased as well as to the country's living population of 17 million. Personal information relating to 6.7 million Ecuadorean children was among the data leaked.

Exposed files revealed a large amount of sensitive personally identifiable information, such as family records, marriage dates, education histories, employment records, and official ten-digit government ID numbers.

"This data breach is particularly serious simply because of how much information was revealed about each individual," Noam Rotem and Ran Locar wrote from vpnMentor. "Scammers could use this information to establish trust and trick individuals into exposing more information." 

Tax records and financial records revealing the account balances of customers of a large Ecuadorean bank were among the data breached. 

Rotem and Locar wrote, "Although the exact details remain unclear, the leaked database appears to contain information obtained from outside sources. These sources may include Ecuadorian government registries, an automotive association called Aeade, and Biess, an Ecuadorian national bank."

A simple search of the leaked data would enable anyone to put together a list of wealthy Ecuadoreans that would be the envy of kidnappers everywhere. 

Taken as a whole, the data revealed not just who had large amounts of money in the bank but also where they lived, if they were married, if they had children, what cars they drove, and the license plates of their vehicles. Within the leaked records researchers also found an entry and national identification number for WikiLeaks founder Julian Assange, who was granted political asylum by Ecuador in 2012. 

Rotem and Locar found the exposed data in a number of files saved on a server located in Miami, Florida, which was set up and maintained by the Ecuadorian marketing and analytics company.

After discovering the data cache, vpnMentor contacted Novaestrat. The Ecuador Computer Emergency Security Team restricted access to the unsecured server on September 11, 2019.  The breach follows a similar incident that took place recently in another South American country. In August this year, a server was found that exposed the voter records of 80% of Chile's 14.3 million citizens.

Infosecurity:        Computing

You Might Also Read:

Bermuda Super Rich Hack:

 

 


 

 

« AI - Driven Warfare Using Robots
The Technology Of Human Robotics »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

Progress Flowmon

Progress Flowmon

Progress Flowmon (formerly Flowmon Networks) provide high performance network monitoring technology and behavior analytics to enhance network performance and deal with cyber threats.

Fornetix

Fornetix

Fornetix is a cybersecurity platform enabling Zero Trust while delivering critical encryption automation, access controls, authorization services, machine identity, and ICAM solutions,

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

PeopleSec

PeopleSec

PeopleSec specializes in the human element of cybersecurity with a comprehensive set of services designed to maximize your security by educating your workforce as a whole.

Informer

Informer

Informer provides an Attack Surface Management SaaS platform alongside penetration testing services. We combine machine learning and human intelligence to reduce cyber risk.

Securosys

Securosys

Securosys is a technology company dedicated to securing data and communications. We develop, produce, and distribute hardware, software and services that protect and verify data and their transmission

GoPlus Security

GoPlus Security

GoPlus is working as the "security infrastructure" for web3, by providing open, permissionless, user-driven Security Services.

Avint

Avint

Avint delivers transformational cybersecurity solutions that help both commercial and government entities achieve mission success.

Central Intelligence Agency (CIA) - USA

Central Intelligence Agency (CIA) - USA

The CIA is an independent agency responsible for providing national security intelligence to senior US policymakers. This includes cyber security related activities.

ELLIO Technology

ELLIO Technology

ELLIO Technology is a cybersecurity company that reduces alert overload, improves incident response, and helps security teams target serious attackers who pose a real threat.

Aembit

Aembit

Aembit is the Identity Platform that lets DevOps and Security manage, enforce, and audit access between federated workloads

Quod Orbis

Quod Orbis

Quod Orbis are a fast-growing, innovative company providing market-leading expertise in cyber security and Continuous Controls Monitoring (CCM).

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

SecureClaw

SecureClaw

SecureClaw offers specialized cybersecurity consultation, various products, and a range of services to meet your company's business domain needs.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.