John brodersen
08/21/2021 12:59
Clarín.com
Technology
Updated 08/21/2021 1:11 PM
A file with personal information of
25,000 applicants to the medical residency exam was leaked
this Friday, exposing
ID
numbers
, telephones, emails and
username and password of those listed.
The information was confirmed to
Clarín
by sources from the Ministry of Health: "It was a specific error by the developer of the system," they explained.
Although the security breach has already been fixed and the information cannot be downloaded from the official site, the file is already circulating and this entails a huge danger for the safety of those who applied to the exam:
their personal data is already in circulation.
During the afternoon of this Friday, several Twitter users warned of the situation, based on the corroboration of the incident by the Instagram account of Medicine graduates, which called
for changing passwords to avoid more problems among those affected.
The main problem is that the data was stored without any type of security measure to protect the information, which is why it could be downloaded in a .csv file, similar to a .txt.
Password change warning.
Instagram photo
Computer security expert Javier Smaldone published 4 tweets explaining the situation.
“Words are not enough for me to explain how gross you have to be to, in the middle of 2021, store passwords in plain text.
In addition to being a nonsense in terms of security, it is already a violation of users' rights (because even if they are not filtered,
the system administrator can see the keys
), ”he added to
Clarín.
It is
urgent
that those who applied to the exam change their passwords.
“Now people are going to have to change their passwords ...
in the mail
(and social networks, because with the cell phone number enough to log in).
Unfortunately, you cannot change the rest of your personal data ”, explained the IT expert.
Yes, @msalnacion leaked information from 25,000 people registered to take the residency exam.
Including ID, phone number, email and PASSWORD (yes, they kept it in plain text).
https://t.co/FWKYRIAPoo
- Javier Smaldone (@ mis2centavos) August 20, 2021
The archive in circulation
The registry, which could be accessed from the official site of the Ministry of Health, published the personal data of those registered for a short period of time.
On Twitter, several users also tried to publicize the situation. Other users warned of the importance of communicating the fact so that those affected
change their passwords:
I just read that data was leaked from those registered to take the residency exam (published by synapsis fmed 9 hours ago).
They advise changing passwords.
I pass the data just in case 🤷
- bark💚 (@ Sa_05x2) August 21, 2021
The government leaked the passwords of all the doctors who are here to render residency hahahaha what a beautiful country
- Karen Williams (@karuwilliams) August 20, 2021
The ministry filtered a list with the data of all those registered for the residency exam with their mails and passwords .. It can't be that they can't organize an exam well, that's the way we are .. pic.twitter.com/uhmx4kRm80
- Lupi (@lupiheintz) August 20, 2021
From the health ministry they leaked all our passwords, emails, phone number, and probably the residency test was leaked.
How nice to study medicine no one in history ever said.
- Alin Ludmila Garay 💚 🧡 (@AlinGaray) August 21, 2021
The information is
no longer available for download
.
The problem is that, once these types of files circulate, passwords and personal data can be sold for use by cybercriminals:
from stealing personal information to extorting those involved.
The file with the keys even became a source of humor in networks.
With a friend we made a choice, we got depressed and we began to see the leaked passwords of the people.
One had Matame01.
Same friend, same.
- Laslo ☁️ (@_nubesdeazucar) August 20, 2021
The vulnerability of reused passwords
There is a second problem associated with passwords that exceeds the registration standard for exams: one of the most frequent errors is
repeating passwords on different platforms
(and, according to Google, used by 52% of users).
Repeating simple passwords in all the services we use is an invitation to what is known as "
credential stuffing
", a practice in which cybercriminals "sweep" the logins in various services from bots until they manage to enter because , precisely, we repeat the same key everywhere.
One of the solutions to these scenarios is to use a password manager.
Look also
These are the signs that you have a virus on your cell phone
"Are you in this video?": The new scam circulating on Facebook Messenger