430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts found 20 Million tax records for Russian citizens exposed online

Experts discovered an unprotected Elasticsearch cluster containing personally identifiable and tax information of Russian citizens exposed online. Security experts from Comparitech along with security researcher Bob Diachenko discovered 20 million tax records belonging to Russian citizens exposed online in clear text and without protection. The experts found an unprotected Elasticsearch cluster that was containing personally […]

Russian citizens

Experts discovered an unprotected Elasticsearch cluster containing personally identifiable and tax information of Russian citizens exposed online.

Security experts from Comparitech along with security researcher Bob Diachenko discovered 20 million tax records belonging to Russian citizens exposed online in clear text and without protection.

The experts found an unprotected Elasticsearch cluster that was containing personally identifiable information on Russian citizens spanning from 2009 to 2016.

“A database of more than 20 million Russian tax records was found on an unsecured server, accessible to anyone with a web browser.” reads the post published by Comparitech.

Comparitech partnered with security researcher Bob Diachenko to investigate the data exposure, which included sensitive personal and tax information. The database was taken offline after Diachenko notified the owner, who is based in Ukraine.”

Russian citizens

The Elasticsearch database was first indexed by search engines in May 2018, Diachenko discovered it on September 17, 2019, and on September 20, 2019 it was secured.

It is not possible to determine whether anyone else accessed the exposed data before it was discovered by Diachenko. The experts also revealed that the owner based in Ukraine, but did not reveal its identity.

The cluster included multiple databases, two of them contained tax and personally identifiable information about Russian citizens, prevalently from Moscow and the surrounding area.

“The first database contained more than 14 million personal and tax records from 2010 to 2016, and the second included over 6 million from 2009 to 2015.” continues the experts.

Exposed records included the following information:

  • Full name
  • Address
  • Residency status
  • Passport number
  • Phone number
  • Tax ID number
  • Employer name and phone number
  • Tax amount

The exposed data could be used by threat actors to carry out tax scam and frauds.

“Affected individuals could be at risk of identity theft and should monitor their accounts closely. Tax fraud could also be a risk, though our team is not well-versed enough on the topic of the Russian tax system to give concrete advice.” concludes the experts.

“Potential victims should also be on the lookout for targeted phishing and other scams. Fraudsters could pose as tax officials, for example, to steal money or request additional information to aid in identity theft.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Russian citizens, data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]