A user uploaded a database to a specialized forum for the purchase and sale of personal data that, he claims, corresponds to 65 million records extracted from Renaper. At the beginning of the month, another attacker leaked a file with 116,459 photographs of Argentine citizens from the same entity. The Government denied that it was a hack to the system: “The technical teams of Renaper and the cybersecurity company DANAIDE SA confirmed that there was no hack to the organization’s database or a new leak of information,” they say.
“It is a confirmation of what happened in 2021, which Renaper denied. All document data, DNI, open for download are publishedbut a large part of the source code of Renaper’s internal systems is added, including connections to the databases with users and passwords, which are in plain text and can be seen,” explained Cristian Borghello, a lawyer, in dialogue with this medium. in systems and cybersecurity specialist.
“There is also information from third-party systems: public organizations, banks, fintech, private companies, which use Renaper services. “This is more serious than previous leaks because there is not only citizen data but also connectivity data to other companies, and obviously connections with their clients,” he added.
As confirmed Clarion From the information uploaded, the records of the internal operators reach until June 2022, from which it can be inferred that the extracted information reaches until that date. Furthermore, the “leakers” (leakers) of all this Renaper information, the one from the beginning of the month and the one that became known this Wednesday, are two different people.
Among the data there is personal information of citizens, documents, even SMS from coronavirus records and even a file called “armada.sql” that has information on military ranks. In the information you can see that access to internal accounts lasts until June 2022 and that there are a large number of system users whose password was 1234.
Personal data is marketed to commit various types of cybercrimes, including identity theft, which can be used to gain unauthorized access or perform social engineering. Photos are coveted for some fintech applications that validate identity in a 100% digital way.
In 2021, Renaper made the news when a user gained access and leaked data from 60,000 Argentines as proof that, he claimed, he had records of all the inhabitants in his possession. According to the analyst, this leak is a continuity of that access to the system.
The batch uploaded this time is much larger, therefore, the analysis of those 65 million records will reveal details in the coming days.
When consulted by this means, the Government explained the situation: “In addition to the fact that no hack was detected, the organization’s security experts stressed that the capacity necessary to obtain the information of 65 million people would require an infrastructure similar to the factory of Renaper DNIs and a quantity of hardware close to that acquired by the national government, ruling out that the information is real. Likewise, it would imply a storage capacity of 500 terabytes of storage, outside the scale of a hack.
“Any attempt to obtain such a large amount of information would have been easily detected by Renaper’s cybersecurity services, including the company Danaide SA, hired in 2021 through public bidding. It would also be an operation lasting weeks or months, being impossible to execute in a single day,” they added.
Week of leaks in Argentina
Last week, the same user who uploaded the Renaper information uploaded a set of data from Nosis users, a widely used site that offers “strategic information on citizens” and that includes addresses, documents, telephone numbers and other data such as employment relationships and financial records.
On Tuesday, a user put up for sale an archive with 5.7 million files containing images of Argentine driver’s licenses. The leaker even published a sample where you can see the driving licenses of celebrities, including the President of the Nation, Javier Milei, and several officials.
Clarín accessed some of the information and verified, in several cases, that the data of the licenses uploaded is real: both the issuance and expiration dates and the personal data coincide with the documentation, which seems to refer to the digital versions of the licenses. of the My Argentina application. In some cases, the photos are not updated to the latest version of the records, as well as some that are signed and others that are not.