Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy Security Technology

Database Leaks Data on Most of Ecuador's Citizens, Including 6.7 Million Children (zdnet.com) 11

The personal records of most of Ecuador's population, including children, has been left exposed online due to a misconfigured database, ZDNet reported Monday. From the report: The database, an Elasticsearch searver, was discovered two weeks ago by vpnMentor security researchers Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet. Together, we worked to analyze the leaking data, verify its authenticity, and contact the server owner. The leaky server is one of the, if not the biggest, data breaches in Ecuador's history, a small South American country with a population of 16.6 million citizens. The Elasticsearch server contained a total of approximately 20.8 million user records, a number larger than the country's total population count. The bigger number comes from duplicate records or older entries, containing the data of deceased persons.
This discussion has been archived. No new comments can be posted.

Database Leaks Data on Most of Ecuador's Citizens, Including 6.7 Million Children

Comments Filter:
  • by Ecuador ( 740021 ) on Monday September 16, 2019 @11:10AM (#59199608) Homepage

    Not only does this breach contain virtually all government records for citizens including children born as late as spring 2019, but even 7 million financial records from private institutions. It seems the data was collected by a rather shady company called Novaestrat.

  • leak? (Score:3, Insightful)

    by GoTeam ( 5042081 ) on Monday September 16, 2019 @11:13AM (#59199626)
    Can you really call it a leak if there is no proof that anyone has accessed this data other than the people reporting it? I understand that a leak is a leak even if nothing is leaking (that was fun to write), but when you talk about a data breach or data leak it usually implies that the data has been taken by someone who will try to exploit the data for money or revenge. Also, my grammar isn't very good, but this article seems to have been written by a non-English speaker.
    • I doubt that the people who've made off with the data who also have nefarious plans in mind for it wouldn't be in any hurry to announce this to the rest of the world. All it takes is for one person to grab a copy and that's it. I wouldn't be at all surprised if there weren't multiple torrents for the whole data set up already. Some might view it as a slightly irresponsible for a news source to publish the location of the files in much the same way that it would be frowned upon if an article talking about a
    • Also, my grammar isn't very good, but this article seems to have been written by a non-English speaker.

      Your grammar is fine. And you can spell. Both of which are good things in my book.

      And you seem to be correct that the article is written by either a non-English speaker, a semi-literate dolt, or both...

    • Speaking of leaks . . . I wonder if any of Ecuador's data on Julian Assange was "leaked" . . . ?

      That would be ironically amusing.

    • by EvilSS ( 557649 )
      Unless they can definitively show that it wasn't accessed by anyone else, then you have to treat it like it was. Hope for the best, plan for the worst.
  • by DidgetMaster ( 2739009 ) on Monday September 16, 2019 @11:13AM (#59199628) Homepage
    We need some kind of measurement that reflects what kind of data is leaked? Was it just info that is easily found on other public websites like names and addresses? Was it useless information, like a password to some throwaway email account? Was it really important info like a bank account number with credentials for logging in? Maybe we could come up with something like the Richter scale for measuring earthquakes. A 4.0 is nothing to write home about. A 9.0 is mass destruction. Right now, the only thing released is the number of users affected which makes great headlines, but doesn't really tell you anything about the severity.
    • A lot of it was publicly available data from government sources. Anyone who wanted this could have looked it up or requested it. However, there was also some private financial data included with those other records which had account numbers, balances, and other details that not just anyone would be able to request.

      Right now, the only thing released is the number of users affected which makes great headlines, but doesn't really tell you anything about the severity.

      Well that's the press for you today, but they likely lack the competence to make that kind of judgement about the severity. Better that they interview security firms or researchers and report on w

  • If more parents would have heeded this advice [xkcd.com] then someone might have learned a lesson sooner before the data was exposed.

You are always doing something marginal when the boss drops by your desk.

Working...