Earlier this week, the media reported that a database containing personal data of more than 28,000 users of the public services portal had appeared on hacker forums. The published test sample was a server dump with access logs, presumably related to the public services service for the Khanty-Mansi Autonomous Okrug.
According to DeviceLock, which discovered the problem, the server was located on the Rostelecom site and was indexed by the Shodan search engine on December 3, 2019, meaning the data could have been publicly accessible since at least that date.
As a reminder, Rostelecom and the Ministry of Communications have both commented on the situation. The Ministry of Digital Development, Telecommunications and Mass Media reported that the problem had been resolved and that an inspection was started after reports of the data leak appeared. It also emphasized that all systems are already operating normally. Representatives of Rostelecom, in turn, did not confirm the information about the leak and stated that no incidents related to the unified identification and authentication system had been detected and that user data was reliably protected.
The company suggested that a possible incident could be related to the regional mobile application "State Services of Ugra", which was developed by order of the Department of Information Technologies and Digital Development of the Khanty-Mansi Autonomous Okrug and functions independently of the government services portal. The application is hosted on technical infrastructure provided by Rostelecom PJSC.
The Department of Information Technologies and Digital Development of Ugra has now confirmed that the leak in the Khanty-Mansi Autonomous Okrug on December 28 occurred on the proxy server of the Ugra State Services application, but that it concerned technical, not personal, data. The department's statement follows.
On December 28, 2019, information was posted on the Internet about the leak of personal data of Ugra residents who are users of the Ugra State Services mobile application.
Indeed, on this day a data leak was recorded. But according to the results of a preliminary investigation by the information protection center of the Ugra Research Institute of Information Technologies, it was revealed that this was a leak of technical data, the so-called “proxy server logs”. The data to which access was obtained contains technical information necessary for debugging the interaction of information systems.
At the same time, all the credentials of our residents are safe in a protected circuit. Data that is necessary for the provision of public services, including usernames and passwords used to authorize users, payment data, and other identification data, were not subject to leakage; there are no risks for citizens in connection with this incident. All technical infrastructure involved in the provision of public services is operating normally. This means that the population of the okrug can normally use the full range of services in absolutely all areas of life – banking, social, tourism, etc.
But even this leak is a signal. We found that this incident was caused by a subcontractor of Rostelecom PJSC, to which appropriate sanctions will be applied.
To further investigate the incident, on December 30, by order of the Ugra Depinformtechnologies, an investigation team was set up involving experts from the Information Security Center of the Ugra Research Institute of Information Technologies, as well as external independent experts for investigating information security incidents.