Data of Julian Assange, founder of Wikileaks was also found in this breach who lived in the Ecuadorian embassy in London since 2012 till April this year after being granted asylum initially.
When companies like Facebook can suffer data breaches, it is a good idea for smaller firms to step up their security game. This advice unbeknownst to an Ecuadorian data analytics firm named Novaestrat has resulted in the leakage of the personal information of over 20 million people – inclusive of 7 million children – due to an insecure server.
The data includes their full names, national identity card numbers, tax identification numbers, dates of birth, email addresses, phone numbers, information of family members, employment information and other sensitive information.
It is reported that the information apparently came from outside sources which could involve the Ecuadorian government registries, automotive associations, and a national bank as well.
See: Verifications.io breach: Database with 2 billion records leaked
Alarming is the fact that Ecuador’s population currently numbers near 16.5 million people. With the breach exposing the data of 20 million, it is likely that the country’s entire population may have been compromised. The additional records may be of people from other countries but this is yet to be confirmed as duplicated records are also a possibility.
See: Personal & banking data of 120 million Brazilians leaked online
VpnMentor, the company that found out about the breach did so through one of its routine operations finding the insecure server in Miami, Florida.
An interesting aspect is that the data of Julian Assange – the founder of Wikileaks – was also found in this breach who lived in the Ecuadorian embassy in London since 2012 till April this year after being granted asylum initially.
This may hint that the additional 3.5 million records can also be of overseas Ecuadorians if other possibilities are excluded as discussed above.
Currently, national authorities have arrested the firm’s manager seizing his electronic equipment with the president promising to introduce legislation for greater data security. It is to be noted that the breach was closed on September 11, a week ago but as they say, once it is on the internet, it stays there forever.
Esta tarde / noche la @PoliciaEcuador realizó el allanamiento del local señalado como domicilio de #Novaestrat que es además el domicilio de uno de sus directivos.
Allanamiento se hizo con orden de juez en el marco de la investigación que conduce @FiscaliaEcuador pic.twitter.com/toD79a1FDO
— María Paula Romo (@mariapaularomo) September 17, 2019
Moreover, it is not known yet how much data may have been downloaded by the black hat community or even intelligence agencies who can make considerable use of such data.
See: 773 million records with emails & plain text passwords leaked online
The takeaway from this is that those who were potentially compromised now need to be on the lookout against phishing attacks among other attack methods. Additionally, care should be taken to add layers of authentication and changing the passwords of every service as that would make it harder for attackers to conduct attacks despite having critical information.
Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.