A slew of government websites in Russia provide easy access to the personal and passport details of nearly 2.3 million citizens, including government employees and high-ranking politicians, according to a technology entrepreneur.
In his blog post series (in Russian), Ivan Begtin, co-founder of Russian NGO Informational Culture, has published the details of the leaks he discovered.
Begtin says he went through government online certification centres, 50 government portals, and an e-bidding platform used by government agencies to identify the sources of the leaks.
He adds that individual insurance account numbers or SNILS, Russia’s de-facto social security number, were available on 23 such sites. Passport information could be accessed on 14 sites.
The data available included full names, designations and place of work, emails, and tax identification numbers, says Begtin. Most of the unsecured data was available for anyone to download, while some needed basic tech prowess to be accessed, he adds.
Russian news organisation RBC, which followed up on the data published by Begtin, found that the exposed passport details include those of several current and former top Russian government officials, including the parliament’s deputy chairman Alexander Zhukov and former deputy prime ministers Anatoly Chubais and Arkady Dvorkovich.
"This is a stark reminder, not only to businesses to increase their defences, but that consumers need to rethink their own security hygiene," comments Sam Curry, chief security officer at Cybereason.
"Today, everyone should assume their private information has been stolen numerous times and will continue to be accessible to a growing number of threat actors," he adds.
In a Facebook post on 15 May, Begtin said that he had alerted several Russian administrative bodies, including the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) about the leaks.
According to a rough translation of his post, Roskomnadzor responded that it agreed with some of his findings, but disagreed with the rest.