- Security researchers at Cybergenws found three servers that had a huge tranche of data about people in seven countries
- Names, ID numbers and more were leaked to the public
- The archives are now locked down
A quarter of a billion people located in seven countries around the world were at risk of identity theft, thread fraud, phishing, social engineering and other forms of cybercrime due to a collection of incorrectly configured databases that leak all kinds of personal information.
Security researchers from Cygenerws Recently, three incorrectly configured servers located in Brazil and the United Arab Emirates, which contained detailed personal information about more than 250 million people.
The population is apparently from Turkey, Egypt, South Africa, Saudi Arabia, the United Arab Emirates, Mexico and Canada, with them in the first three hit particularly poorly when they lost “full spectrum” data.
“Identity profiles at government level”
Generally, the archives contained people’s ID numbers, birth dates, contact information and home addresses.
Cygenerws Could not determine who database owners are, but suspected it was a single device.
“It is likely that these databases were served by a single party because of the similar data structures, but there is no attribution to who checked the data or any harsh links proving that these cases belonged to the same party,” they explained.
The researchers also noticed how the data was structured that were pointed out against “identity profiles at government level”.
The team managed to get the archives locked by reaching out to hosting providers that prevented anyone else from entering. We do not know how long the database remained unlocked or if anyone managed to access it before Cygenerws team.
Information like this can be used in all sorts of cyber crime. Threateners can use it to emulate people and open bank accounts, take out loans and possibly even apply for tax cuts or returns. They could send convincing phishing -e emails, steal login information and turn to other tools including business accounts.
Misunderstood databases continue to be one of the most common causes of data leaks across the grid and cloud.
