The Renaper detected a photo leak from the misuse of a password

Wednesday October 13, 2021 | 16: 10hs.

The National Registry of Persons (Renaper) on Tuesday formalized a criminal complaint before the Federal Criminal and Correctional Court No. 11 Secretary No. 22 after detecting that, through the use of passwords granted to public bodies, in this case the Ministry of Health, images were leaked as belonging to personal procedures carried out at the Renaper.

From the agency dependent on the Ministry of the Interior it was confirmed that it was an improper use of the user or theft of the user’s password and that the database did not suffer any violation or leakage.

On Saturday, October 9, the Renaper learned that a Twitter user identified by the name of @aniballeaks – an account that was reported and is currently suspended – had published the images of 44 individuals on said social network, including they found officials and public figures of knowledge in general.

Confirming what happened, the Renaper IT security team made a query on the 44 people involved in order to survey the last consumptions made through the use of the Digital Identity System (SID) on said profiles, detecting that 19 images had been consulted in the exact moment they were published on the social network Twitter from an authorized VPN (Virtual Private Network) connection between ReNaPer and the Ministry of Health of the Nation, and all the images had recently been consulted from that same connection.

Said connection would have made several individual queries to the Renaper databases between 15:01 and 15:55 through the SID data validation service which, once the person’s DNI and Sex are invoked, returns to the person who consults all the data printed in the National Identity Document, including image and other personal data, which were then immediately uploaded to the social network Twitter, without the consent of the Holder of the same.

After this preliminary analysis, the specialists confirmed, an unauthorized entry into the systems or a massive leak of data from the agency was ruled out outright.

Likewise, it was detected that an individual authorized user had improperly used the identity validation service for personal purposes through an authorized certificate from the Ministry of Health of the Nation, connecting through the corresponding VPN, with username and password.

Leave a Comment