Hacking Book | Free Online Hacking Learning


russian government website was leaked 2.25 million users' social security, passports and other information

Posted by graebner at 2020-03-05

More than 2.25 million citizens, civil servants and senior politicians' private and passport information has been leaked on several Russian government websites. Ivan begtin, co-founder of Russian NGO information culture, first discovered and disclosed this serious data leakage. In a series of three posts, begtin said he surveyed online government certification centers, 50 government portals, and electronic bidding platforms used by government agencies.

The survey found that 23 websites leaked personal insurance information (snils, equivalent to social security card number) and 14 websites leaked passport information. Begtin said there were more than 2.25 million pieces of information and data about Russian citizens through these websites, which anyone could download. Data leaked from the sites include full names, titles, work locations, e-mails and tax numbers.

While the data leaked from some sites is difficult to identify and requires Begtin to extract metadata from the digital signature file, some data can be found by using Google's search of the open web directory on the government's website. In today's Facebook post, the researchers said he contacted roskomnadzor, the Russian government agency responsible for data privacy, eight months ago.

In an interview with foreign media ZDNet, begtin said that it has repeatedly informed the Russian government regulators, but the agency has not taken measures to enhance the security of these websites, and the data can still be accessed at present. After last April hoping to attract the attention of the public and regulators through blog posts, begtin today released his findings through the Russian news website RBC, which published a detailed in-depth report.

◆ source: cnBeta

◆ the copyright of this article belongs to the original author. If there is any infringement, please contact us to delete it in time