Government

Unsecured Elasticsearch Server Exposes 20.8 Million User Records

10 - 17 September 2019

The personal data of most of Ecuador’s population have been left exposed online

The personal data of most of Ecuador’s population have been left exposed online due to a misconfigured Elasticsearch database. The exposed server is owned by an Ecuadorian consulting company known as Novaestrat but the data appears to have originated from the Ecuadorian government's civil registry. Besides the 20.8 million user records, the server also contains 7 million financial records and 2.5 million entries with car ownership details. Those affected may be subjected to scams, phishing attacks, identity theft, financial fraud and targeted attacks especially if the individual has high net worth.

 

References:

Report: Ecuadorian Breach Reveals Sensitive Personal Data

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence