An Elasticsearch database containing the tax records of over 20 million Russians was found publicly exposed.
Security researcher Bob Diachenko, working alongside Comparitech, discovered the database on September 17, 2019. The database had been exposed since May 2018 and did not require a password.
The exposed clusters consisted of multiple databases, two of which contained the personally identifiable information (PII) and tax records of millions of Russian citizens.
One database contained six million records from 2009 to 2015, whilst the second database contained 14 million tax records dating from 2010 to 2016.
Some of the PII exposed included full names, addresses, passport numbers, residency statuses, phone numbers, tax ID numbers, tax amounts, employer names and their phone numbers.
The database is said to be based in Ukraine; however, it is unknown which organisation or company is behind the provided contact details.
Diachenko notified the owner of the database, and three days later the database was protected. Unfortunately, the researchers weren’t able to notify the Russian citizens as there were no email addresses in the records.
It is unknown whether anyone else has accessed the databases; however, as it was exposed for more than a year, it can be assumed that it could have been accessed.
Russian citizens should be alert to any unsolicited messages they receive.
The post #Privacy: Over 20 million Russian tax records exposed online appeared first on PrivSec Report.