Massive database containing identity info on 252 million people leaked online - here's what we know

News
By published

The database could have been created by a single entity

Data leak
(Image credit: Shutterstock)
  • Security researchers at Cybernews found three servers holding a huge tranche of data on people in seven countries
  • Names, ID numbers, and more, were being leaked to the public
  • The archives are now locked down

A quarter of a billion people, located in seven countries around the world, were at risk of identity theft, wire fraud, phishing, social engineering, and other forms of cybercrime due to a collection of misconfigured databases leaking all sorts of personal information.

Security researchers from Cybernews recently found three misconfigured servers, located in Brazil and the United Arab Emirates which contained detailed personal information on more than 250 million people.

The people are apparently from Turkey, Egypt, South Africa, Saudi Arabia, the United Arab Emirates, Mexico, and Canada, with those in the first three hit particularly badly, as they lost “full-spectrum” data.

"Government-level identity profiles"

Generally speaking, the archives contained people’s ID numbers, dates of birth, contact details, and home addresses.

Cybernews could not determine who the database owners are, but suspected it was a single entity.

“It's likely that these databases were operated by a single party, due to the similar data structures, but there’s no attribution as to who controlled the data, or any hard links proving that these instances belonged to the same party,” they explained.

The researchers also noted the way the data was structured pointed towards “government-level identity profiles”.

The team managed to have the archives locked down by reaching out to the hosting providers, who barred anyone else from entering. We don’t know for how long the database remained unlocked, or if anyone managed to access it before the Cybernews team.

Information such as this can be used in all sorts of cybercrime. Threat actors can use it to impersonate people and open bank accounts, take out loans, and possibly even apply for tax cuts or returns. They could send out convincing phishing emails, stealing login credentials and pivoting to other tools, including business accounts.

Misconfigured databases remain one of the most common causes of data leaks across the web and the cloud.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.