Entire Argentine government citizen database suspected leaked, attackers selling access

An unknown hacker leaked the ID information of dozens of local celebrities, including the Argentine president and football stars Messi and Aguero, on Twitter, and peddled access to Argentine citizens' information on hacker forums.

The Argentine Ministry of the Interior responded that there was no data breach in the RENAPER citizen database.

The unknown hacker said that he had a copy of RENAPER’s data, demonstrated to a reporter the ability to query it, and said that a batch of millions of citizen data samples may be released.

Hackers have broken into the Argentine government IT network and managed to steal the ID details of the country’s entire population. The data is currently being sold on a small scale.

The attack took place last month. The victim was the agency RENAPER (Registro Nacional de las Personas), which translates to Argentina’s National Population Registry.

This agency is an important department under the Argentine Ministry of the Interior, responsible for issuing national identity cards to all citizens and storing the relevant data in a digital format as a database accessible to various other government agencies. With the support of this system, most government departments can quickly query the personal information of every citizen.

ID details of Argentine president, Messi and others leaked on Twitter

Earlier this month, a newly registered Twitter account called @AnibalLeaks posted ID photos and personal details of 44 Argentine celebrities. This was the first time that evidence of the RENAPER hack had been made public.

The exposed data included details of Argentine President Alberto Fernandez, multiple politicians and journalists, and even football superstars Lionel Messi and Sergio Aguero.

Just a day after the tweet came to light, the attackers posted an ad on a well-known hacker forum saying they could help find the personal details of any user in Argentina.

The Argentine government confirmed the data breach three days later in the face of media inquiries over the Twitter leak.

On October 13, the Argentine Ministry of the Interior issued a statement saying that its security team found that the VPN account assigned to the Ministry of Health had been used to query 19 photos in the RENAPER database, “these photos were then posted on social media on Twitter.”

The statement also said that “the RENAPER database has not suffered any data leakage or breach” and that the authorities are currently investigating eight government employees to determine whether they are connected to the incident.

Hackers have copies of data they intend to sell and make public

The reporter contacted a seller who was offering access to RENAPER’s data on a hacking forum.

In a recent conversation, the seller claimed to have a copy of the RENAPER data, which apparently contradicts the official government statement.

To support this claim, the seller also provided a set of Argentine citizen information selected by the reporter, including a highly sensitive license number.

“In a few days, I may publish the data of 1 million or 2 million people,” the RENAPER hacker said, adding that they intend to continue selling access to this data to all interested buyers.

We also shared with the hacker a link to the Argentine government’s statement, specifically the part in which officials blamed the successful intrusion on stolen VPN accounts. The hacker simply replied “Yes, careless employee”, which indirectly confirmed the entry point of the attack.

According to the data samples provided by the hackers, they already have the full names, home addresses, dates of birth, gender information, ID card issuance and expiration dates, labor identification numbers, license numbers, citizenship numbers, and ID photos of all Argentine citizens.

The current national population of Argentina is estimated to be over 45 million, and it is unclear whether all of them are stored in the RENAPER database. The hackers claim that the entire population is included.

It is also the second most serious security breach in Argentina’s history, following the Gorra Leaks hack in 2017 and 2019. In Gorra Leaks, hacktivists seized personal details of Argentine politicians and police forces.
