Security experts at vpnMentor have discovered a huge data leak affecting Ecuador that exposed data belonging to 20 million Ecuadorian Citizens.
Data were left unsecured online on a misconfigured Elasticsearch server, exposed data includes full PII, marital status and date of marriage, level of education, financial info, and more.
Maybe this is the largest full-country leak, it affects the whole country and the exposure of such data pose a severe threat to Ecuadorian citizens.
“Led by Noam Rotem and Ran Locar, our team discovered the data breach on an unsecured server located in Miami, Florida. The server appears to be owned by Ecuadorian company Novaestrat.
Leaked data include citizens’ financial records and car registration information.
The personal records of most of Ecuador’s population, including children, has been left exposed online due to a misconfigured database, ZDNet has learned.
The server contained a total of 20.8 million user records (18 GB of data), more than the country’s total population (16.6 million), likely due to the presence of duplicate records and data of deceased citizens.
The analysis of the indexes revealed that the database is composed of data gathered from government sources (most from Ecuadorian government) and data gathered from private databases.
“Individuals in the database are identified by a ten-digit ID code. In some places in the database, that same
“In Ecuador, the term “cédula” or “cédula de identidad” refers to a person’s ten-digit national identification number, similar to a social security number in the US.
The term “RUC” refers to Ecuador’s unique taxpayer registry. The value here may refer to a person’s taxpayer identification number.”
The experts found within the leaked records an entry for WikiLeaks founder Julian Assange that also includes the “
Experts also found million of entries for children under the age of 18 that contained names,
The data base was secured on September 11, 2019, after