TZUTC: -0500
MSGID: 1480.consprcy@1:2320/105 2d20480c
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
"Misconfigured databases remain one of the most common causes of data leaks
across the web and the cloud."  No, I'd say that *storing* data that
shouldn't be stored in those places is the most common cause.  -- Mike

Massive database containing identity info on 252 million people leaked online
- here's what we know

Date:
Thu, 04 Sep 2025 16:02:00 +0000

Description:
In some instances, the archive contained "full-spectrum" data, so be on your
guard.

FULL STORY

A quarter of a billion people, located in seven countries around the world,
were at risk of identity theft , wire fraud, phishing, social engineering, 
and other forms of cybercrime due to a collection of misconfigured databases
leaking all sorts of personal information. 

Security researchers from Cybernews recently found three misconfigured
servers, located in Brazil and the United Arab Emirates which contained
detailed personal information on more than 250 million people. 

The people are apparently from Turkey, Egypt, South Africa, Saudi Arabia, the
United Arab Emirates, Mexico, and Canada, with those in the first three hit
particularly badly, as they lost full-spectrum data.

"Government-level identity profiles"

Generally speaking, the archives contained peoples ID numbers, dates of 
birth, contact details, and home addresses. 

 Cybernews could not determine who the database owners are, but suspected it
was a single entity. 

It's likely that these databases were operated by a single party, due to the
similar data structures, but theres no attribution as to who controlled the
data, or any hard links proving that these instances belonged to the same
party, they explained. 

The researchers also noted the way the data was structured pointed towards
government-level identity profiles. 

The team managed to have the archives locked down by reaching out to the
hosting providers, who barred anyone else from entering. We dont know for how
long the database remained unlocked, or if anyone managed to access it before
the Cybernews team. 

Information such as this can be used in all sorts of cybercrime. Threat 
actors can use it to impersonate people and open bank accounts, take out
loans, and possibly even apply for tax cuts or returns. They could send out
convincing phishing emails, stealing login credentials and pivoting to other
tools, including business accounts. 

Misconfigured databases remain one of the most common causes of data leaks
across the web and the cloud.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/massive-database-containing-identity-in
fo-on-252-million-people-leaked-online-heres-what-we-know

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426