Photos: Personal Data of Assange, Ecuador’s Entire 16.6 Million Leaked Online

© REUTERS / Kacper Pempel/IllustrationA hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017
A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017 - Sputnik International
Subscribe
US
India
Global
The personal information of almost every single person in Ecuador, as well as that of WikiLeaks founder Julian Assange, has been leaked through a major database breach, according to two security researchers who work for web privacy firm vpnMentor.

The breach, which was uncovered by Noam Roten and Ran Locar, leaked around 20.8 million records in 18 gigabytes of data of Ecuadorians’ personal information. The breach occurred through an unsecured server located in Miami, Florida, according to a recent blog post by vpnMentor. The server appears to be owned by Ecuadorian consulting company Novaestrat.

The entire population of Ecuador is about 16.6 million. Some of the data entries may thus be duplicates or “involve individuals who are already deceased,” according to the blog post.

“The majority of the affected individuals seem to be located in Ecuador. Although the exact details remain unclear, the leaked database appears to contain information obtained from outside sources. These sources may include Ecuadorian government registries, an automotive association called Aeade, and Biess, an Ecuadorian national bank,” the vpnMentor blog post reads. 

© Screenshot/vpnMentorExample of typical entry
Photos:  Personal Data of Assange, Ecuador’s Entire 16.6 Million Leaked Online  - Sputnik International
Example of typical entry

Individuals in the database were identified by their “cedula,” which refers to an Ecuadorian’s 10-digit national identification number. Other examples of leaked personal information included the “RUC,” which is a person’s taxpayer identification number, according to the report, as well as full name, gender, date of birth, place of birth, home address, email address, home, work and cell phone numbers, marital status, date of marriage, date of death and level of education. 

© Screenshot/vpnMentorExample of financial information leaked
Photos:  Personal Data of Assange, Ecuador’s Entire 16.6 Million Leaked Online  - Sputnik International
Example of financial information leaked

The entries also included information about people’s family members, such as the full names of a person’s mother, father and spouse, as well as each one of their “cedulas.” 

© Screenshot/vpnMentorExample of leaked information regarding family members
Photos:  Personal Data of Assange, Ecuador’s Entire 16.6 Million Leaked Online  - Sputnik International
Example of leaked information regarding family members

Some of the entries even included financial information related to bank accounts with Biess, the Ecuadorian national bank. Examples of such entries included account status, current account balance, amount financed and credit type, as well as “location and contact information for the person’s local Biess branch,” according to the blog post. Other parts of the database disclosed detailed employment information such as an employer’s name, employer location, employer tax identification number, job title, salary details and even job start and end dates. 

© Screenshot/vpnMentorLeaked information on WikiLeaks founder Julian Assange
Photos:  Personal Data of Assange, Ecuador’s Entire 16.6 Million Leaked Online  - Sputnik International
Leaked information on WikiLeaks founder Julian Assange

The leaked records also included an entry for Assange, which contained a “cedula” value associated with him. Assange was granted political asylum by Ecuador in 2012. He stayed in the country’s embassy in London until April 2019, when Ecuador ended his asylum, claiming he violated its terms.

VpnMentor closed the breach on September 11. However, the firm warned that once data is “exposed,” it “can’t be undone.”

“The database is now closed, but the information may already be in the hands of malicious parties. This kind of data breach could have been prevented with some basic security measures. No matter what the size of your company is, you should always use the following security practices: Secure your servers, implement appropriate access rules, require authentication to access all systems,” vpnMentor counseled.

Newsfeed
0
To participate in the discussion
log in or register
loader
Chats
Заголовок открываемого материала