vpnMentor’s research team has found a large data breach that may impact millions of individuals in Ecuador.
The leaked database includesover 20 million individuals.
The server appears to beowned by Ecuadorian company Novaestrat.
Novaestrat is a consulting company that provides services in data analytics, strategic marketing, and software development.
The data breach involves alarge amount of sensitive personally identifiable information at the individual level.
The majority of the affected individuals seem to be located in Ecuador.
Although the exact details remain unclear, the leaked database appears to contain information obtained from outside sources.
The breach was closed on September 11, 2019.
Example of Entries in the Database
The data breach involves around18 GB of data.
Individuals in the database are identified by a ten-digit ID code.
In some places in the database, that same ten-digit code is referred to as cedula and cedula_ruc.
The term RUC refers to Ecuadors unique taxpayer registry.The value here may refer to a persons taxpayer identification number.
to get to check the validity of the database, we ran a search with a random ID number.
By doing this, we were also able to find a variety of sensitive personal information.
For each entry, we were able to view thefull name of their mother, father, and spouse.
We were also able to view each family members cedula value,which may be a national identification number.
In another part of the database, we founddetailed employment information.
Entry for Julian Assange
Within the leaked records, we found an entry forWikiLeaks founder Julian Assange.
In 2012, Assange was granted political asylum by Ecuador.
Assange resided in the Ecuadorian embassy in London up until April of 2019.
Some of the exposed information may be sensitive.
The database also listedeach companys legal representativeand provided their detailed contact information.
This information leaves individualsat risk of email and phone scams.
This data breach is particularly serious simply because of how much information was revealed about each individual.
Scammers could use this information toestablish trust and trick individuals into exposing more information.
They could back up the story with exposed personal information to build trust.
Most concerningly,the leaked data seems to include national identification numbers and unique taxpayer numbers.
This puts people at risk ofidentity theft and financial fraud.
Additionally, access to automotive details can assist criminals in identifying specific vehicles and their owners address.
Impact on Companies in Ecuador
The data breach could also have an impact on Ecuadorian companies.
The leaked data included information about many companies employees, as well as details about some companies themselves.
These companies may be at risk ofbusiness espionage and fraud.
Knowledge of a companys employees could help competitors or other malicious parties gather additional sensitive company data.
Advice from the Experts
Once data has been exposed to the world, it cant be undone.
The database is now closed, butthe information may already be in the hands of malicious parties.
This kind of data breach could have been prevented with some basic security measures.
Once a data breach is found, our team links the database back to the owner.
As ethical hackers and researchers,we never sell, store, or expose the information we encounter.
Our goal is to improve the overall safety and security of the internet for everyone.
About Us and Previous Reports
vpnMentoris the worlds largest VPN review website.
We recently discovered amassive fraud internet targeting Groupon and online ticket vendors.
We also found adata breach in the email platform used by a South Korean company, DKLOK.
yo, comment on how to improve this article.
