- Cybernews security researchers found three servers who had a large section of data on people in seven countries.
- The names, the identification numbers and more were filtering the public
- The files are now blocked
A quarter of one billion people, located in seven countries around the world, ran the risk of identity theft, cable fraud, phishing, social engineering and other forms of cyber crime due to a collection of poorly configured databases that filter all kinds of personal information.
Security researchers Cybernews Recently they found three poorly configured servers, located in Brazil and the United Arab Emirates containing detailed personal information about more than 250 million people.
Apparently, people are from Turkey, Egypt, South Africa, Saudi Arabia, the United Arab Emirates, Mexico and Canada, with those of the first three particularly affected, since they lost data of “complete spectrum”.
“Identity profiles at the government level”
In general terms, files contained people identification numbers, birth dates, contact data and housing addresses.
Cybernews He could not determine who the owners of the database are, but he suspected that it was a unique entity.
“It is likely that these databases were operated by a single part, due to similar data structures, but there is no attribution about who controlled the data, or any difficult link that demonstrates that these instances belonged to the same part,” they explained.
The researchers also pointed out the way in which the data indicated towards the “identity profiles at the governmental level” were structured.
The team managed to have blocked files when arriving at accommodation suppliers, which prohibited any other person from entering. We do not know how long the database remained unlocked, or if someone managed to access it before Cybernews equipment.
Information like this can be used in all types of cyber crime. Threat actors can use it to impersonate open people and bank accounts, receive loans and possibly even request cuts or tax returns. They could send convincing phishing emails, steal login credentials and pivot other tools, including commercial accounts.
The poorly configured databases remain one of the most common causes of data leaks on the web and cloud.
