Private and sensitive information of more than one million members of Argentina’s various military services was leaked on the dark web and various hacking forums.
On 26 September 2021, a user on a popular hacking-related forum claimed to possess sensitive information of more than 1 million members of various military branches and institutions of Argentina.
The user in question claimed to have obtained data from unidentified dark web hackers. The data in question is being distributed on various dark websites and hacking forums, apparently free of charge.
It is unclear how the hackers have obtained this data but based on previous similar incidents; it likely involves the penetration of one or more Argentine government-run websites and databases.
Update 30 September 2021: Based on the initial report published by Privacy Affairs, the Argentinian publication La Nación managed to receive confirmation from IOSFA (Institute of Social Work of the Armed Forces) that the database leak did indeed take place.
However, the government agency points out that the leak did not happen due to a cyber attack. It was further pointed out that the leaked data is outdated and incomplete. An investigation is underway, according to the IOSFA.
This is how the forum posting looked like (sensitive information was redacted to protect the privacy of affected individuals):
The available data claims to contain information on 1,193,316 Argentine military service members and employees of various national defense agencies.
The data purports to contain the full names, civil status, gender, precise address, telephone numbers, email, and rank of the affected individuals. The leak – if genuine – may be affecting the privacy of more than one million individuals.
The following Argentine institutions seem to be affected:
We believe security online security matters and its our mission to make it a safer place.
It is unclear when the alleged breach took place. The leaked data is making its round at the moment, being widely shared on various dark web sites and hacker forums.
This seems to be a relatively new leak and unrelated to an earlier one reported in August 2019, when hackers leaked 700 GB of data, including confidential documents, wiretaps, and biometric information from the Argentine Federal Police.
At that time, the website of the Argentine Naval Prefecture was also hacked, and it spread fake news about a non-existent British naval attack on Argentine ships.
This new leak follows an earlier one from approximately two weeks ago that claims to contain sensitive information on around 13,000 members of the Argentine Police.
While it seemingly does not affect as many individuals as the Defence Ministry leak, this one also contains facial records (images) of the affected law enforcement personnel along with their full names.
The hackers claim to have obtained this data because it was exposed after a bad indexing configuration during a fuzzing. Fuzzing is an automated software testing technique involving providing unexpected and invalid or random data to a computer application. It’s usually used to expose bugs and break-points in a system.
Another leak reported in September was the one affecting the El Salvador National Police. During that leak personal information of more than 30,000 members of El Salvador National Police was dumped on various dark web forums.
This time the source of the breach appeared to be the infamous hacking group FocaLeaks, known for the hacking of various government agencies and institutions over the last few months.
Note: Due to legal reasons, Privacy Affairs was unable to verify the authenticity of the data. This is a report on claims made by various anonymous persons on different dark web forums.
Accessing such information, even for verification purposes, may violate Argentinian laws; as such we were unable to verify the information’s authenticity.