[BreachExchange] Argentinian Government Site Suffers Major Breach, Personal Information Exposed

Inga Goddijn inga at riskbasedsecurity.com
Wed Dec 7 18:04:55 EST 2016


http://news.softpedia.com/news/argentinian-government-site-suffers-major-breach-personal-information-exposed-510780.shtml

*The official website of the Argentinian Ministry of Industry (Ministerio
de Produccion) suffered a major breach that exposed not only private
documents, but also personal information and contact details of a big
number of individuals.*

The website, produccion.gob.ar, was hacked by Kapustkiy and Kasimierz L.
who managed to breach it after getting access to an administrator account.

Softpedia was provided with evidence that access to the admin panel was
indeed obtained, which in turn offered access to personal information
of employees and documents belonging to the ministry which weren’t
otherwise supposed to be exposed.

We can confirm that details such as names, home addresses, emails, Facebook
and Twitter accounts, and phone numbers were accessed as part of the breach
and Kapustkiy told us that he estimates that approximately 18,000 accounts
were exposed.

What’s important to note, however, is that Kapustkiy doesn’t plan to leak
the information, so although so many details were accessed following the
hack, individuals whose details were included in these databases are fully
secure.

The ministry has already been contacted and informed about the breach, but
no response has been offered by the time this article was published.

Shockingly easy-to-guess password

As far as the method of breaching is concerned, Kapustkiy said that they
didn’t use a typical SQL injection, but a different approach which he
refused to disclose. We were, however, provided with a look at the
administrator account and we can confirm that the password used is
shockingly easy to guess – we can’t disclose any details on this for
obvious reasons.

But given the fact that it’s the official website of a ministry, it’s
worrying to say the least that administrator accounts are protected with
such weak passwords, especially when taking into account that they include
databases with personal information of so many people.

For the moment, the website is still up and running, but expect IT admins
to take it down in the coming days when they acknowledge the breach.
Kapustkiy said he was able to download all files they had on their servers
after accessing the admin panel, so it’s very clear that site admins need
to deal with this as soon as possible.