The Renaper clarified that there was no hacking or its database was violated

The National Registry of Persons (Renaper) clarified today that its database “did not suffer any violation or leakage” of information, after detecting that, through the use of keys granted to public bodies, images were leaked on Twitter as belonging to procedures personnel carried out in that body, before which he made a complaint to the federal Justice.

The agency, which depends on the Ministry of the Interior, reported in a statement that “it was an improper use of the user or theft of the user’s password”, and stressed that “the database did not suffer any data breach or leakage” .

The complaint was presented to the Federal Criminal and Correctional Court 11, Secretariat 22, after it was detected that, through the use of passwords granted to public bodies, in this case the Ministry of Health, “images were leaked as belonging to procedures personal made in the Renaper, “said the agency.

In the same statement, he specified that last Saturday, October 9, the Renaper learned that a Twitter user identified with the name of @aniballeaks – an account that was reported and is currently suspended – had published the images on said social network of 44 individuals, among whom were officials and public figures of knowledge in general.

After confirming the fact, the Renaper IT security team made a query on the 44 people involved “in order to ascertain the latest consumptions made by using the Digital Identity System (SID) on said profiles.”

The investigation found that “19 images had been consulted at the exact moment that they were published on the social network Twitter from an authorized VPN (Virtual Private Network) connection between the Renaper and the Ministry of Health of the Nation, and that all the images they had recently been consulted from that same connection, “according to the agency.

From that connection, “several individual queries were made to the Renaper databases between 15:01 and 15:55 through the data validation service of the SID, which, once invoked the DNI and gender of the person , returns to whoever consults all the information printed on the DNI, and that includes image and other personal data, which were immediately uploaded to the social network Twitter, without the consent of the owner of the same, “the statement detailed.

And he added that after this preliminary analysis, an unauthorized entry into the systems, or a massive leak of data from the agency, was ruled out outright, as the specialists were able to confirm.

It was also detected that an individual authorized user had improperly used the identity validation service for personal purposes through an authorized certificate from the Ministry of Health of the Nation, connecting through the corresponding VPN, with username and password . (Télam)

Leave a Comment