Another unprotected server leaking personal data of millions of Ecuadorian citizens uncovered by researchers

Latest Ecuadorian data breach attributed to company called DataBook using the data on a an unsecured server

Security researchers have discovered yet another unsecured server exposing sensitive data on Ecuadorian citizens.

According to Bloomberg, the server is located in Germany and is being used by an Ecuadorian company called DataBook.

The server, hosting the details of some 17 million Ecuadorian people, was spotted by Noam Rotem and Ran Locar, two Israeli computer programmers, who do security research in their free time.

According to Locar, the data stored on the DataBook server appears to be the similar to the unprotected data discovered on the internet earlier this month, although it may not be an exact copy of that data.

It includes names, phone numbers, addresses, email IDs, workplace information, family members, and many other highly personal details about Ecuadorian citizens.

The government's fast-response IT security team has already been notified about the breach, which alerted prosecutors about it and also asked them to investigate other firms supposedly illegally using the personal data of Ecuadorian citizens.

Earlier this month, cyber security firm vpnMentor revealed that its researchers - led by Noam Rotem and Ran Locar - had found an unprotected database, exposing personal details of almost every Ecuadorean citizen on Internet.

The database contained personal details of almost all Ecuadorean citizens. The details that were exposed included names, dates of birth, address, marital status, family details, ID number, and other information.

Approximately 6.77 million of the total 20 million records in the database were of children under the age of 18.

A detailed analysis of the database revealed that it belonged to a local data analytics firm called Novaestrat. The information contained in the database likely came from multiple sources, including government registries, Ecuadorian national bank BIESS, and an automotive association called Aeade.

The Ecuador authorities later apprehended a senior executive of Novaestrat in connection with the breach. The investigating agencies raided Novaestrat's office and arrested the company's legal representative William Roberto G from the office. Several computers, storage devices, and electronic equipment were also seized during the raid.

The massive data leak also sparked a push in the country to pass new data protection legislation that would mirror the EU's privacy regime and enable citizens to oppose and eliminate the use of their personal data by organisations.

After the bill is passed by the National Assembly, a new data protection authority would be set up in the country to enforce the law.