It became known that unknown individuals posted on the Internet the personal data of users of the State Services portal of one of the regions of Russia. It is reported that the leak occurred due to incorrect software configuration of one of the resource's servers. It is noted that the vulnerability has been fixed, but the extent of the threat remains unclear.
The specialists of the DeviceLock company, which works in the field of information security, managed to discover the personal data of users of the State Services portal in the public domain. This was announced by the founder of the company Ashot Hovhannisyan, adding that at one of the specialized forums a database with data from 28 users of the State Services portal was identified. It is noted that the data structure is not uniform, but among them are, for example, the full name of users, their dates of birth, SNILS and TIN numbers, contact phone numbers, email addresses, etc.
“In the process of monitoring shadow forums where databases are distributed, a test example of a server dump with access logs was identified, presumably to the State Services service for the Khanty-Mansiysk Autonomous Okrug. During the analysis of the test instance, it was found that it was obtained from the open index of the Elasticsearch server, left in the public domain due to a configuration error,” said Mr. Oganesyan, commenting on this situation.
В it is noted that the said server is located at the Rostelecom site. It was indexed by the Shodan search engine on December 3rd. This suggests that user data could have been in the public domain at least since that time. The report notes that in addition to the data downloaded by the attackers, the server contained other important information, including authorization tokens for accessing user accounts from mobile devices. However, it is not known for certain whether these data could be used to gain access to the personal account of real users of the portal.
UPD: Rostelecom, operator of the public services portal, that no leaks were found. It is said that the incident may be related to the local application "Gosuslugi Ugra", which operates autonomously from the portal. The Ministry of Telecom and Mass Communications is checking on the fact of a possible leak.
Source: 3dnews.ru
