A team of computer security researchers launched “MeFiltraron”, a site for check if personal data is leaked online focused on Argentina and Latin America. So far, they have detected 4.8 million records, some of them with sensitive information such as passwords,addresses, telephone numbers and personal documents.

Similar to “Have I been pwnd?”, a page founded 9 years ago that allows you to verify from an email if user data was leaked on the web, the site (also called Earth) ensures that it does not store personal information of those who use it and tries to provide information before the huge number of cases that has been in recent years.

“The main objective is to review those security incidents that have culminated in leaks of user data, providing greater transparency about what happened and greater traceability about the exposed data (still available on the internet within everyone’s reach), and hold those who request, process and store them accountable without taking into account the required security measures”, he explains to Clarion Emmanuel Di Battista, security analyst at DC5411the team that developed the site.

“The main difference with Have I Been Pwnd is the targeting of data. This first version of MeFiltraron focuses on leaks from Argentina and has 4.8 million leaked records, many of them from little known incidents or that they are not relevant enough to be taken into account by HaveIBeenPwnd or other specialized sites”, he adds.

“A leak from a municipality in the interior may seem small from the global cybersecurity optics, but at the national level it is a relevant event and must be reported. The same goes for threat actors, a ransomware case can attract international attention, but a lone actor leaking SMEs it easily goes unnoticed outside of the local scene. Both cases, in our opinion, should be reported equally”, he adds.

Data breaches are dangerous for multiple reasons.

“Cybersecurity incidents happen often, and data breaches are one of the worst possible outcomes. A leak containing some basic data may seem harmless at first, but several combined can be potentially dangerous for victims, exposing them to crime such as identity theft or even possible scams”, explains Luis Ángel Ramírez, Investigator and Security Engineer of DC5411.

Furthermore, according to a study, the cost of leaks is paid by end users.

What data does the site handle?

Before this type of pages, it is worth asking what information it handles, where the records come from and if the cookies on the page Do they store user information or not?.

“Like HaveIBeenPwnd, our databases only contain information contextual information about each incident, such as the date it occurred or whether sensitive information was compromised, and biographical data about the threat actors involved, including period of activityknown victims in the region, their tactics and objectives as a brief review”, details Santiago Pérez, security analyst for the team.

And it clarifies the most important thing: “MeFiltraron does not know the compromised passwords nor does it store any content from the leaks, it is only limited to store emails and indicate those leaks of which it is a part”.

“MeFiltraron does not store keys or any type of compromised information. Just email addresses and the leaks he was a part of. It is important to understand that all the information that Tero had access to is still published (leaked) on the internet and freely available. This is exactly what we are trying to point out from this platform ”, she closes.

Leaks in Argentina

In recent years, Argentina has been the scene of multiple leaks. In 2020, the National Directorate of Migrations suffered a cyberattack that published thousands of personal data of Argentine citizens.

Last year, unauthorized access managed to extract data from Renaper and sold it in a forum for buying and selling personal data. And in January of this year, the Senate of the Nation suffered an attack of ransomware that published sensitive data of workers of the Upper House, bills and even fingerprints of senior officials.

Aerolíneas Argentinas, the Ministry of Health and Justice of Santa Cruz, in addition to that of Córdoba, also suffered leaks.

There were also critical infrastructure and health institutions, such as the case of the Garrahan Hospital, in which 12 million records appeared distributed among 5.5 GB of information.

There was extremely sensitive information: data from patients and their legal guardians (DNIsemployment situation, addresses and personal and work telephone numbers, medical conditions, affiliations to medical coverage), technical information on their medical treatments and their follow-up, and files from medical personnel.

The private sector also suffered multiple leaks: from Osde to Ingenio Ledesma (both encrypted by Lockbit), going through Mercado Libre, Globant and other smaller companies.

What to do if you were leaked

“Leaked information often stays on the internet forever. The best way to control the damage caused by a leak is to modify as much leaked information as possible, to invalidate it: change keys, pins, usernames; request the reissue of documents (to the extent possible), cards and any other type of credential”, recommends Ramírez.

Of course, not all leaks carry the same severity. Some are even very difficult to counter. “It is necessary to understand that much information cannot be easily modified (as in the case of fiscal or government documents), or it just can’t be modified at all (as in the case of the data biometric)”.

“That is why in the future and as a preventive measure, it is important to provide the minimum information necessary on each platform that we use, to understand in advance the impact that a possible leak could have, and to take proactive measures such as always using -and in as far as possible-unique data for each site”, he closes.

Sites such as Tero, together with Have I Been Pwnd, thus make it possible to make the traceability of personal data leaks more robust.