Hacking Book | Free Online Hacking Learning


russian government website was leaked 2.25 million users' social security, passports and other information

Posted by patinella at 2020-03-13

More than 2.25 million citizens, civil servants and senior politicians' private and passport information has been leaked on several Russian government websites. Ivan begtin, co-founder of Russian NGO information culture, first discovered and disclosed this serious data leakage. In a series of three posts, begtin said he surveyed online government certification centers, 50 government portals, and electronic bidding platforms used by government agencies.

The survey found that 23 websites leaked personal insurance information (snils, equivalent to social security card number) and 14 websites leaked passport information. Begtin said there were more than 2.25 million pieces of information and data about Russian citizens through these websites, which anyone could download. Data leaked from these sites include full name, title, work location, email and tax number.

Although the leaked data of some websites is difficult to identify and requires begtin to extract metadata from the digital signature files, some data can be found by using Google to search the open network directory on the government website. In today's Facebook post, the researchers said he contacted roskomnadzor, the Russian government agency responsible for data privacy, eight months ago.

In an interview with foreign media ZDNet, begtin said that it has repeatedly informed the Russian government regulators, but the agency has not taken measures to enhance the security of these websites, and the data can still be accessed at present. After last April hoping to attract the attention of the public and regulators through blog posts, begtin today released his findings through the Russian news website RBC, which published a detailed in-depth report.

◆ source: cnBeta

◆ the copyright of this article belongs to the original author. If there is any infringement, please contact us to delete it in time