Almost Every Ecuadorian Citizen's Data Leaked in Unprotected Elasticsearch Database

Researchers have discovered an Elasticsearch database belonging to an Ecuadorian consulting company by the name of Novaestrat. The database held nearly 18 GB of data, which resulted in around 18 million Ecuadorian citizens having their information publicly available. The information appears to have come from third-party sources such as Ecuadorian government registries, an automotive association called Aeade, and an Ecuadorian national bank named Biess; an entry for WikiLeaks founder Julian Assange was even included. The information included names, gender, dates of birth, place of birth, addresses, email addresses, phone numbers, marital status, date of marriage if married, date of death if deceased, and educational details. Financial information relating to clients of Biess, the Ecuadorian national bank, was exposed as well: account status, the current balance in the account, amount financed, credit type, location, and contact information. Information pertaining to the exposed person’s family members, such as the names of their mother, father, and spouse along with their “cedula” value, which may be a national identification number, was also included. Automotive records were exposed too, such as car license plate numbers, make, model, date of purchase, most recent date of registration, and other technical details about the model. Individuals’ detailed employment information, including employer name, employer location, employer tax identification number, job title, salary information, job start date, and end date, was also revealed. Details related to various companies in Ecuador were also included in the database, which could cause these businesses to fall victim to fraud and business espionage. It is unclear how long the information was exposed and who got their hands on it, but the company that the database belonged to was contacted and secured the database almost immediately.

Analyst Notes

Since such a large amount of information was included, users could become targets for identity fraud, among other scam and fraud efforts. To protect themselves, users will want to keep a close watch on their accounts for suspicious activity. If any is noticed, they should report it to the proper entities. As always, a password change on all accounts that could have been affected is recommended as well.