- Cybernews safety researchers have found three servers that hold a huge slice of data on people in seven countries
- Names, identification numbers, and more, were disclosed to the public
- The archives are now locked
A quarter of a billion people, located in seven countries around the world, risked identity theft, wire fraud, phishing, social engineering and other forms of cybercrime due to a collection of poorly configured databases fleeing all kinds of personal information.
Safety researchers of Cyberness Recently found three erroneous servers, located in Brazil and the United Arab Emirates which contained detailed personal information on more than 250 million people.
People are apparently from Turkey, Egypt, South Africa, Saudi Arabia, the United Arab Emirates, Mexico and Canada, with those of the first three particularly badly struck, because they have lost data with “full specter”.
“Identity profiles at government level”
In general, the archives contained the identification numbers of people, birth dates, contact details and personal addresses.
Cyberness I could not determine who the owners of databases were, but suspected that it was a single entity.
“It is likely that these databases were used by a single part, due to similar data structures, but there is no award for which controls the data, or hard ties proving that these cases belonged to the same party,” they explained.
The researchers also noted the way the data was structured pointed at “identity profiles at the government level”.
The team managed to have the archives locked by reaching out to the accommodation suppliers, who prevented anyone from entering. We do not know how long the database has remained unlocked, or if someone managed to access it before Cyberness team.
Information like this can be used in all kinds of cybercriminals. Threat actors can use it to usurp the identity of people and open bank accounts, contract loans and perhaps even request tax reductions or yields. They could send convincing phishing emails, steal connection identification information and rotate other tools, including business accounts.
The poorly configured databases remain one of the most common causes of data leaks on the web and the cloud.
