Twenty million people had their personal data leaked online through a misconfigured Ecuadorian database.
The breach was discovered by vpnMentor’s research team, who scan ports for vulnerabilities in databases.
A staggering amount of information was freely available in plain text including the full names, gender, date and place of birth, home and email addresses, phone numbers, family members, and detailed employment information of individuals linked to national and taxpayer identification numbers.
Of the 20 million database entries, around 7 million belonged to children.
Ecuador has a population of nearly 17 million people.
VpnMentor traced the 18GB database of highly sensitive information to a US-based server for an Ecuadorian analytics company called Novaestrat.
William Roberto G., president of Novaestrat, was detained by Ecuadorian authorities on Monday night.
The database even included an entry for Australian WikiLeaks founder Julian Assange, who lived in Ecuador’s London embassy between 2012 and April this year.
Database entry for Julian Assange. Source: vpnMentor
Authorities did not confirm whether or not the database had been illegally accessed before the vulnerability was fixed last week.
Professor of Cyber Security at Deakin University, Matt Warren, told Information Age the breach put Ecuadorians at significant risk of cyber crime.
“It’s certainly a major cyber safety issue,” he said. “There’s going to be issues around targeted scams and identity theft using this information.
“In certain breaches where your passwords or email addresses are disclosed, you can change email addresses, change your password and add in two-factor authentication.
“But when it’s such personal info about where you live, work, and who your family members are — you can’t change that as easily.
“All of a sudden there’s a lot of info about Ecuador’s citizens that’s been released that simply cannot be changed.”
Warren thinks Australians are unlikely to find themselves on the receiving end of a data breach this size.
“Partly the reason for that is Australia’s model of Federation,” he said. “That means data about Australian citizens actually sits at the state level as well as federal level.
“We also have a national cyber security strategy that’s being updated and both federal and state governments are spending a lot of time and resources on appropriate security controls for public data.”
Initiatives like developing a data sharing framework also aim at mitigating the effects of a massive breach.
But the aims of legislation like the Identity Matching Services Bill that is currently before parliament may be a cause for concern.
“Part of why that bill’s going through is to make it easier for governments around the country to identify individuals,” Warren said.
“This raises the potential for that data to be stored in a single system which brings more security issues.”