Security researchers at Cybernews have identified three misconfigured servers holding personal data on more than 250 million individuals. The exposed information, including government-level identity profiles, originated from databases located in Brazil and the United Arab Emirates. This data leak placed a substantial number of people at risk of various cybercrimes.
The compromised data affected individuals across seven countries: Turkey, Egypt, South Africa, Saudi Arabia, the United Arab Emirates, Mexico, and Canada. Those in Turkey, Egypt, and South Africa suffered the most extensive exposure, which the researchers described as “full-spectrum” data exposure. The leaked information encompassed ID numbers, dates of birth, contact details, and home addresses.
Despite the discovery of the misconfigured servers, Cybernews researchers were unable to definitively identify the database owners. Analysis of the data structures, however, suggested the possibility that a single entity operated all three servers. As Cybernews stated, “It’s likely that these databases were operated by a single party, due to the similar data structures, but there’s no attribution as to who controlled the data, or any hard links proving that these instances belonged to the same party.”
The structure of the leaked data pointed towards what the researchers described as “government-level identity profiles.” This characterization suggests a high level of detail and comprehensiveness in the exposed personal information.
Upon discovering the misconfiguration, Cybernews contacted the hosting providers to secure the exposed data. The hosting providers responded by locking down the archives, preventing further unauthorized access. How long the databases remained publicly accessible before this intervention is unknown, raising concerns that malicious actors may already have accessed the data.
The potential consequences of this data leak are significant. The leaked information can be exploited for various cybercrimes, including identity theft, wire fraud, phishing, and social engineering. Threat actors could impersonate victims to open fraudulent bank accounts, obtain unauthorized loans, or file illegitimate tax returns. Furthermore, the data could be used to craft highly convincing phishing emails, increasing the likelihood of successful credential theft and subsequent access to sensitive business accounts.
The incident underscores the persistent risk posed by misconfigured databases. These types of misconfigurations remain a leading cause of data leaks across web and cloud environments, highlighting the need for robust security measures and diligent monitoring to prevent unauthorized access to sensitive information.