The complete names, ID numbers and emails of more than 20.8 million Ecuadorians, some already deceased, are not the only ones that were exposed in the Web by security breach discovered by the firm vpnMentor. The researchers main of this filtration, Noam Rotem and Ran Locar, they gave details to the portal ZDNet about what was found in the bases.
The information is the collection of databases of public and private institutions of Ecuador and they were in a unsecured server Located in Miami (USA) belonging to the company Novaestrart– whose executives rendered a version in the Prosecutor’s Office for filtration-. Novaestrat is a consulting firm that provides services of strategic marketing, data analysis and software development.
According to ZDNet, which has catches of data that were exposed by the security breach, the information was in 18 GB, distributed in 10 indexeswhose pesos they vary between 44.9 kilobytes (kb) and 4.9 gigabytes. The heaviest base is described as "index-iess" (4.9 gigabytes), the second as "index-rcivil " (4.5 gigabytes) and the third as "index-family" (4.3 gigabytes).
Other indexes are identified as: "index-name" (1.9 gigabytes), "index-company-matrix" (1.1 gigabytes), "index-auto" (954.6 megabytes), "index-buro" (798.9 megabytes), "index-company" (228.2 megabytes), "index-biess" (87.2 megabytes) and finally "index-aeade" (468.2 kilobytes). The list also includes a folder named "_river" It weighs 44.9 kilobytes.
Based on the names of the indices, ZDNet concludes that the data have two origins. There is a part that was obtained from government sources and another that was obtained from private entities. However, most of it comes from the databases of the Ecuadorian Institute of Social Security (IESS) and the Civil Registry of Ecuador, as the folders They are the heaviest.
These bases, as ZDNet could verify that some of the contacts were contacted users whose data appeared there, are updated and have information about this 2019.
More than 50 personal data of Ecuadorians, exposed
ZDNet broadcast four catches with information on the data that was exposed. In the first one, the Civil Registry index is shown. As an example, President Lenín Moreno appears: it unfolds information As the ID number, full names, sex code, sex, place of birth registration, date of birthbirthplace code nationality, code of civil status, marital status, date of marriage, address code, calle del home, house number, date of registration of death, place of registration of death, date of death, deceased, code of instruction and code of profession.
The base includes data from 6.7 million children, some born in this 2019, according to ZDNet the number of items of data from minors, with the exception of those of recent years, agree with the public reports of the rate of natality from the country.
The year 2009 is the one with the highest number of minors data (546 147), but in the years 2016, 2017, 2018 and 2019 there are only 222, 182, 231 and 187 entries in the base respectively. However, between 2015 and 2016 there is already a drop in the data of minors at the base of 145 941 to 222.
| Year | Number of children |
|---|---|
| 2002 | 511,235 |
| 2003 | 498,561 |
| 2004 | 492,139 |
| 2005 | 491,148 |
| 2006 | 521,197 |
| 2007 | 528,335 |
| 2008 | 536,624 |
| 2009 | 546,147 |
| 2010 | 539,124 |
| 2011 | 542,050 |
| 2012 | 501,530 |
| 2013 | 467,604 |
| 2014 | 456,687 |
| 2015 | 145,941 |
| 2016 | 222 |
| 2017 | 182 |
| 2018 | 231 |
| 2019 | 187 |
Other information Important that was exposed by the gap belongs to the Bank of the Ecuadorian Institute of Social Security (Biess). Among the data found in this database are: identification number, operation, names, status, amount financed, balance, type of credit, term, province, canton, parish, telephone, cell phone and email.
That is, the reflected data shows information from the credits that people have obtained with the Biess, because in an example disseminated instead by vpnMentor you can observe the profile of a Username– whose identity has been protected – but who obtained a financing of USD 28,026.63 for one Individual finished housing. In total, ZDNet says the financial records of Seven million people.
Folder "index-family" It was one of the most awakened concern of the researchers of vpnMentor, because it exposes full names of the parents and partners of the individuals whose data were seen violated. The list reflects: ID, name (of the individual), ID of your mother, name of the mother, ID of the father, name of the father, ID of the spouse and name of the spouse.
Finally, of the examples shown by vpnMentor and by ZDNet, there is the folder "index-auto" which, according to reports, would contain data from the Association of Automotive Companies of Ecuador (Aeade), although there is another binder of smaller size that is called "index-aeade", whose information has not transcended.
The "index-auto" database contains information on the owners of the vehicles and their respective cars. The cars are identified by their models, chassis number, engine number, etc.
Among the data contained in this database are: identification card, identification card or RUC of the owner, Vehicle brand, vehicle model, class, number of chassis of the vehicle, number of engine of the vehicle, the CAMV number assigned to the car, its displacement, type of fuel, country of origin, passenger capacity, payload, code of the canton in which the car is, appraisal, sale value, year of the car, date of purchase and last date registration.
The capture of ZDNet shows, again reserving the identity of the owner, the data of a vehicle Hyundai Santa Fe seven passengers, five doors, with air conditioning and automatic traction. Its capacity is 3 300, its country of origin is South Korea. The car, of the year 2015, is valued at USD 47 994 and its sales value is USD 79 990. Its last registration was in June 2016 and was acquired in September 2015.
Although without a screenshot that reflects how the data is displayed, vpnMentor said it was also able to access "detailed" information about the job of people.
The signature does not specify in what binder these were included data. However, he revealed that he found the name of the employer, the address of the office, the RUC of the company, job title, salary information, start date of the work and date of termination of the contract.
| Civil registration | |
|---|---|
| Identification card | |
| Birth registration place | |
| Gender | |
| Date of birth | |
| Place of birth | |
| nationality | |
| Civil status | |
| Date of marriage | |
| Home | |
| House number | |
| Place of death registration | |
| Death Registration Date | |
| Date of death | |
| Passed away | |
| Education level | |
| Profession | |
| Biess | |
| State | |
| Amount financed | |
| Balance | |
| Type of credit | |
| Beneficiary | |
| Term | |
| Province | |
| Canton | |
| Parish | |
| Home phone | |
| Mobile | |
| Job | |
| Company | |
| Direction of job |
|
| Position | |
| Monthly salary | |
| Entry to work | |
| Aeade | |
| License plate | |
| Brand | |
| Model | |
| Class | |
| Chassis number | |
| Engine number | |
| Number of CAMV / RAMV |
|
| Cylinder | |
| Kind of fuel |
|
| Country of origin | |
| Capacity of passengers |
|
| Useful face | |
| Canton Code Where is the car |
|
| Appraisal | |
| Sale value | |
| Year | |
| Date of purchase | |
| Last date enrollment |
|
| Family relationship: Mother | |
| Family relationship: Father | |
| Family relationship: Spouse |
Additionally it was possible to access information from Business Among which is the RUC of the firm, its address, the contact phone number, the name of the legal representative of each company and the contact information of its legal representative.
Source link
https://www.elcomercio.com/tendencias/detalles-datos-ecuatorianos-expuestos-brecha.html
