A team of cybersecurity researchers has launched “MeFiltraron”, a site for check if personal data is leaked online focused on Argentina and Latin America. So far, they’ve found 4.8 million records, some of them with sensitive information such as Passwordsaddresses, telephone numbers and personal documents.

Similar to “Have I been pwnd?”, a page born 9 years ago that allows you to check from an email if user data has been leaked on the web, the site (also called uterus) ensures that it does not store personal information of those who use it and tries to provide information before the huge number of cases that has been for the last few years.

“The main goal is to review those security incidents that have culminated in losses of user data, providing greater transparency on what happened e greater traceability on the exposed data (still available on the internet within everyone’s reach), and hold responsible those who request, process and store them without taking into account the required security measures”, he explains to clarion Emmanuel Di Battista, security analyst at DC5411the team that developed the site.

“The main difference with Have I Been Pwnd is the aim of data. This first version of MeFiltraron focuses on escapes from Argentina and has 4.8 million leaked records, many from little-known incidents or that are not relevant enough to be considered by HaveIBeenPwnd or other specialized sites,” he adds.

“A leak from an inland municipality may seem small since global cyber security perspective, but at a national level it is a significant event and should be reported. The same goes for threat actors, a ransomware case may attract international attention, but a lone actor leaks PMI easily goes unnoticed outside the local scene. Both cases, in our opinion, should be reported equally,” he adds.

Data breaches are dangerous for multiple reasons.

“Cybersecurity incidents happen often, and data breaches are one of the worst possible outcomes. A leak containing some basic data may seem harmless at first, but several combined can be potentially dangerous for victims, exposing them to crime such as identity theft or even possible scams”, explains Luis Ángel Ramírez, investigator and safety engineer of DC5411.

Furthermore, according to a study, the cost of losses is borne by the end users.

What data does the site process?

Before these kinds of pages, it’s worth asking what information it handles, where the records come from, and whether there are any cookies on the page Do they store user information or not?.

“Like HaveIBeenPwnd, our databases only contain information contextual information about each incident, such as when it occurred or whether sensitive information was compromised, and biographical data on the threat actors involved, including period of activityknown victims in the region, their tactics and objectives as a brief overview,” details Santiago Pérez, security analyst for the team.

And he clarifies the most important thing: “MeFiltraron does not know about compromised passwords or store any content from the leaks, it is limited only to archive emails and indicate those fugues of which it belongs”.

“I was leaked it does not store keys or any kind of compromised information. Just email addresses and the leaks it was a part of. It is important to understand that all information Tero accessed is still published (leaked) on the Internet and freely available. This is exactly what we try to emphasize from this platform,” she concludes.

Escapes to Argentina

In recent years, Argentina has been the scene of multiple leaks. In 2020, the National Migration Directorate suffered a cyber attack that released thousands of personal data of Argentine citizens.

Last year, an unauthorized access managed to extract data from Renaper and sold it in a forum for buying and selling personal data. And in January of this year, the nation’s Senate came under attack by ransomware which published sensitive data of workers in the Upper House, bills and even fingerprints of senior officials.

Aerolíneas Argentinas, the Ministry of Health and Justice of Santa Cruz, as well as that of Córdoba, have also suffered leaks.

There were also critical infrastructure and health institutions, such as the case of Garrahan Hospital, where 12 million records appeared distributed among 5.5GB of information.

There was extremely sensitive information: the data of patients and their legal guardians (IDemployment status, personal and business addresses and telephone numbers, medical conditions, affiliations with health coverage), technical information about their medical care and follow-up, and medical personnel files.

The private sector has also suffered multiple leaks: from Osde to Ingenio Ledesma (both encrypted by block tip), via Mercado Libre, Globant and other smaller companies.

What to do if I’m leaked

“Leaked information often remains on the Internet forever. The best way to control the damage caused by a leak is to edit as much of the leaked information as possible invalidate it: change keys, pins, usernames; request the reissue of documents (as far as possible), cards and any other type of credential,” recommends Ramírez.

Of course, not all losses are equally severe. Some are also very difficult to counter. “It must be understood that a lot of information is not easily changed (as in the case of tax or government documents), or it just can’t be changed at all (as in the case of data biometric)”.

“That is why in the future and as a preventative measure, it is important to provide the minimum necessary information about each platform we use, to understand in advance the impact a possible leak could have, and to take proactive measures such as always using – and as much as possible – unique data for each site”, he concludes.

Sites like Tero, together with Have I Been Pwnd, thus make it possible to make the traceability of personal data leaks more robust.

SL