Approximately 20.8 million records were exposed online due to a misconfigured Elasticsearch server, resulting in one of the biggest breaches in Ecuadorian history. The South American country only has a population of 16.6 million individuals, but the number of leaked records was more than the number of citizens due to duplicated records and older entries of deceased citizens, among other reasons.
Although the database has since been secured, cyber criminals could have taken advantage of this data while it was exposed, using it for phishing scams, identity fraud, and more. Ecuadorian citizens may be vulnerable in both the cyber and real world, meaning they should be extra observant in the coming weeks for any suspicious activity.
The most extensive data was the one that appears to have been gathered from the Ecuadorian government's civil registry. This data contained entries holding citizens' full names, dates of birth, places of birth, home addresses, marital status, cedulas (national ID numbers), work/job information, phone numbers, and education levels. ZDNet verified the authenticity of this data by contacting some users listed in the database. The database was up to date, containing information as recent as 2019.