Incidents

First it was Ecuador, now it’s Colombia. Data leak affects millions of citizens

Ethical hacking specialists from security firm ESET report the discovery of a misconfigured ElasticSearch implementation that has resulted in the internet exposure of nearly 2.5 million Colombian citizens. The compromised information includes names, email addresses, phone numbers and other personal details.

Reporting this security flaw was a titanic task
for the firm’s experts, as it was difficult to immediately find those
responsible for receiving the report, as well as the information was still being
exposed. Apparently the reports have already reached the right people, so the
information is already secured.

“This is a clear sign that companies do
not consider information security comprehensively, but prefer to leave this
step at the end,” ethical hacking experts say. Previously a similar data
breach was filed in Ecuador, only on that occasion the incident affected most
of the population throughout the country.

Experts say authorities in some countries, especially
in Latin America, have failed to transform the media impact generated by these
security incidents into better policies or updating technology implementations
to prevent affectation on citizens. “Governments and private companies
should at least try to learn from these vulnerabilities and try to correct them
so they don’t show up in the future,” the experts added.

In addition, ethical hacking specialists claim
that companies must weigh the security of information above the functionality
of some applications and services, although in many cases this is not met.
Previous cases, such as those in Ecuador
and Brazil, or the most recent in Colombia, reveal the little interest that
many companies lend to information security, also make known the inability of
authorities and private companies to implement adequate recovery processes.

International Institute of Cyber Security
(IICS) ethical hacking specialists believe that security standards set up or
implemented by some companies have a negative impact on user safety, which as
has been mentioned above, exposes people to data theft and other malicious
activities.

To Top

Pin It on Pinterest

Share This