Edition "Businessman”, Citing the founder of DeviceLock, Ashot Hovhannisyan, said that a database containing personal data of more than 28,000 users of the public services portal has appeared on hacker forums. A test example of a server dump with access logs, presumably, related to the public services service for the Khanty-Mansi Autonomous Okrug.
This dump contains the name, date of birth, SNILS and TIN numbers, phone numbers, email addresses, information about children and so on. “It was found that it was obtained from the open index of the Elasticsearch server, left in the public domain due to a configuration error,” Hovhannisyan explains.
According to him, the server was located on the Rostelecom site and indexed by the Shodan search engine on December 3, 2019, that is, the data could be in the public domain from at least that date. Moreover, unlike the information that they managed to download and put into free access, the server had other important data, for example, authorization tokens for accessing personal accounts from mobile devices.
RBC reports that Rostelecom and the Ministry of Communications have already commented on what is happening. Thus, the Ministry of Digital Development, Telecommunications and Mass Media began checking after reports of data leakage appeared, but emphasized that at present all systems are operating normally. Representatives of Rostelecom, in turn, did not confirm the information about the leak and stated that no incidents related to the unified identification and authentication system were detected, and user data was reliably protected.
The company believes that a possible incident could be related to the work of the regional mobile application "State Services of Ugra", developed by order of the Department of Information Technologies and Digital Development of the Khanty-Mansi Autonomous Okrug and functioning independently from the government services portal. The application is hosted on the technical infrastructure provided by Rostelecom PJSC.