The official website of the Argentinian Ministry of Industry (Ministerio de Produccion) suffered a major breach that exposed not only private documents but also personal information and contact details of a large number of individuals.
The website, produccion.gob.ar, was hacked by Kapustkiy and Kasimierz L., who managed to breach it after getting access to an administrator account.
Softpedia was provided with evidence that access to the admin panel was indeed obtained, which in turn offered access to personal information of employees and to documents belonging to the ministry which weren’t otherwise supposed to be exposed.
We can confirm that details such as names, home addresses, emails, Facebook and Twitter accounts, and phone numbers were accessed as part of the breach, and Kapustkiy told us that he estimates that approximately 18,000 accounts were exposed.
What’s important to note, however, is that Kapustkiy doesn’t plan to leak the information, so although a large number of details were accessed following the hack, individuals whose details were included in these databases are fully secure.
The ministry has already been contacted and informed about the breach, but no response had been offered by the time this article was published.
Shockingly easy-to-guess password
As far as the method of breaching is concerned, Kapustkiy said that they didn’t use a typical SQL injection, but a different approach which he refused to disclose. We were, however, provided with a look at the administrator account and we can confirm that the password in use is shockingly easy to guess. We can’t disclose any details on this for obvious reasons.
But given the fact that it’s the official website of a ministry, it’s worrying to say the least that administrator accounts are protected with such weak passwords, especially when taking into account that they include databases with personal information of so many people.
For the moment, the website is still up and running, but expect IT admins to take it down in the coming days when they acknowledge the breach. Kapustkiy said he was able to download all files they had on their servers after accessing the admin panel, so it’s very clear that site admins need to deal with this as soon as possible.
UPDATE, December 9: It looks like the login link is down, so the site's security team is most likely working to fix the breach. There's still no response from the administration team, but there's a good chance that they're already aware of the hack and they're now trying to address it either by taking down the admin panel or by using IP filters that block access from outside the country.