A database containing information on every living person in Ecuador, as well as some that are deceased, has been found just sitting online.
According to ZDNet, two security researchers from vpnMentor, Noam Rotem and Ran Locar, discovered the misconfigured database and, together with ZDNet, proved its authenticity and analysed its contents.
Apparently, the database contained records on roughly 20 million people. Ecuador is a relatively small South American country with a population of 16.6 million. The extra entries are both from deceased individuals, as well as from duplicate and erroneous entries.
But that also means that information on children was found, as well. The database contained names, cedulas (national ID numbers), places of birth, home addresses, and gender. In some cases, ZDNet claims, one could construct the entire family tree, given that the database contained such detailed information.
Seven million financial records, and 2.5 million records containing car and car owner details, were also found in the database. It seems as that the information was gathered from two separate sources, one of them being the country’s civil registry. The second one seems to be Novaestrat, a company claiming to provide analytics services for the local market.
Given that the company didn’t list an email address or a phone number on the website, that its customer support page was broken and that its employees did not respond to inquiries over LinkedIn, the researchers were forced to reach out to Ecuador CERT (Computer Emergency Response Team) team, which served as an intermediary and helped close the database down.
You can find more details about the leak on vpnMentor’s blog.