[BreachExchange] Leaky database exposes tax records of 20 million Russians

Destry Winant destry at riskbasedsecurity.com
Wed Oct 2 00:00:58 EDT 2019


https://www.hackread.com/leaky-database-exposes-tax-records-of-20-million-russians/

A few months back, we saw the personal data of over 188 million people
leak due to an insecure MongoDB database. Then in September 2019, we
saw the data of almost every Ecuadorian leaked in a massive data
breach. A similar incident has now occurred, this time involving Russia.

According to a report by Comparitech, more than 20 million tax records
were found on an unprotected Amazon Web Services (AWS) Elasticsearch
cluster with personally identifiable information of Russian citizens
from 2009-2016. The published timeline provides an overview of how the
incident unfolded over the months:

In May 2018, the database was first found by search engines. This was
possible because, being unprotected, it was not part of the deep web
and was hence indexable through the surface web.

On September 17, 2019, a security researcher named Bob Diachenko
notified the owner of the database based in Ukraine.

Finally, on September 20, 2019, it was taken offline following the
alert by Bob.

As is evident from the timeline, we can safely say that the data
remained exposed for over a year. Although it is not confirmed whether
the data got into unauthorized hands, we do know that
“the first database contained more than 14 million personal and tax
records from 2010 to 2016, and the second included over 6 million from
2009 to 2015.”

The following list of fields was found included among these records:

Name
Address
The Status of Residency
Passport Number
Phone Number
Tax ID Number
Tax Amount
Employer Details such as the name and phone number

“We cannot determine whether anyone else accessed the data while it was
exposed. The owner, who we only know is based in Ukraine, did not
respond to our emails,” wrote Comparitech’s reporter Paul Bischoff.

As is apparent, such information could be used for malicious purposes
such as identity theft and phishing campaigns, raising grave concerns
over the irresponsibility shown by the owner.

Currently, though, the guilty party has not been identified or
contacted, and how their fate will unfold in light of this remains a
mystery.

It is imperative that Russian citizens implement stricter controls,
because it cannot be verified who exactly was compromised among these
millions; hence, everyone should take precautions to avoid being
conned because of the leaked data.

