The bulk of El Salvador’s population may have fallen victim to a significant security breach, with a threat actor named ‘CiberinteligenciaSV’ leaking the personally identifiable information (PII) of over five million citizens, representing more than 80 percent of the population, on the Dark Web.
Posted on Breach Forums, the data comprises 144 GB of detailed information including high-definition photos indexed with each citizen’s document identification number, names, birthdates, phone numbers, email addresses, and residential addresses. The inclusion of biometric data (in the form of headshots) raises serious concerns about potential identity theft and fraud.
The attribution of this attack remains unclear, complicated by the presence of misinformation and potential false flag tactics. The threat actor used a name associated with a Telegram group linked to the “Guacamaya” hacktivist collective, known for targeting Latin American governments and corporations. However, statements from the group and assessments by cybersecurity firm Resecurity suggest that ‘CiberinteligenciaSV’ is likely not affiliated with Guacamaya. The purpose behind invoking the group’s name might be to obscure the true identity of the perpetrators.
There were also unverified suggestions tying the leaked data to El Salvador’s Chivo Wallet, the government’s official Bitcoin and Dollar wallet, although these claims were later refuted by the Telegram channel associated with the threat actor.
The implications of this leak are profound, especially in the context of rising cyber threats in Latin America and the increasing value of biometric data in the cybercrime ecosystem. The exposure of facial data significantly increases the risk of identity theft, with potential uses ranging from creating deepfake identities to bypassing biometric security measures in financial and governmental services.
Sources: Resecurity, Security Affairs
May 6, 2024 – by Ali Nassar-Smith