A significant data breach has exposed the personal information of over 252 million individuals across seven countries. Security researchers from Cybernews discovered three misconfigured servers in Brazil and the United Arab Emirates that contained sensitive data, including names, identification numbers, and contact details. The leak poses a serious risk of identity theft and other cybercrimes.
The affected countries include Turkey, Egypt, South Africa, Saudi Arabia, the United Arab Emirates, Mexico, and Canada. Among these, individuals from Turkey, Egypt, and South Africa are particularly vulnerable, as they have lost what is described as “full-spectrum” data.
Details of the Breach
The databases contained extensive information, such as ID numbers, dates of birth, home addresses, and contact information. Although Cybernews could not identify the owners of the databases, they suspect that a single entity may have operated them due to the similarities in data structures. The researchers stated, “It’s likely that these databases were operated by a single party, due to the similar data structures, but there’s no attribution as to who controlled the data.”
The structured data suggests that these profiles may have originated from government-level records, raising concerns over the potential misuse of the information. Cybernews contacted the hosting providers to secure the databases, successfully locking them down to prevent further access. It remains unclear how long the servers were exposed or whether any unauthorized users accessed the data prior to the intervention.
Potential Consequences
The implications of such a data breach are profound. Threat actors could exploit the information for various cybercrimes, such as impersonating individuals to open bank accounts, secure loans, or even file for tax returns. Phishing attacks could become more convincing, leading to further credential theft and unauthorized access to financial accounts.
Misconfigured databases are a common vulnerability on the internet, frequently leading to data leaks. Organizations must prioritize data security to mitigate these risks effectively. This incident serves as a stark reminder of the importance of robust cybersecurity measures in protecting sensitive personal information.
