Researchers have discovered an Elasticsearch database belonging to an Ecuadorian consulting company by the name of Novaestrat. In this database was nearly 18 GB of data which resulted in around 18 million Ecuadorian citizens having their information publicly available. It appears as if the information came from third-party sources such as Ecuadorian government registries, an automotive association called Aeade, an Ecuadorian national bank named Biess, and an entry for WikiLeaks founder Julian Assange was even included. The information included names, gender, dates of birth, place of birth, addresses, email addresses, phone numbers, marital status, date of marriage if married, date of death if deceased, and educational details. Biess, the Ecuadorian national bank, had financial information relating to their clients exposed as well. This left account status, the current balance in the account, amount financed, credit type, location, and contact information exposed. Information pertaining to the exposed person’s family members such as the names of their mother, father, and spouse along with their “cedula” value, which may be a national identification number was also included. Automotive records such as car license plate numbers, make, model, date of purchase, most recent date of registration, and other technical details about the model. Individual’s detailed employment information including employer name, employer location, employer tax identification number, job title, salary information, job start date, and end date was also revealed. Details related to various companies in Ecuador were also included in the database, which could cause these businesses to fall victim to fraud and business espionage. It is unclear how long the information was exposed and who got their hands on it, but the company that the database belonged to was contacted and they secured the database almost immediately.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.