Generalitat of Catalonia Exposes Thousands of Personal Data Records of Its Citizens


 

With cybercrime in the wake of the coronavirus, cybersecurity breaches are something to take into account these days. The latest to come to light is the breach suffered by the website of the Generalitat of Catalonia, which has exposed more than 5,000 data records of its citizens.


The flaw, which has been confirmed by the Generalitat itself, is based on a vulnerability that allowed the injection of malicious code. The vulnerability has affected at least 4 domains of the Generalitat, relating to tools used in the culture and education sectors.



Some 5,597 data records have been exposed. These include extremely private data, such as emails and passwords. Data such as educational centers have also been leaked.


More Than 5,000 Data Exposed

The vulnerability was an SQL injection. This class of flaw is usually introduced during the development of web and mobile applications. It abuses weaknesses in an application's input validation to perform operations on its databases.
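How this class of flaw arises and how it is closed, as an added example (not code from the Generalitat's applications or from the original article): a Python/sqlite3 sketch in which the table, its rows and all function names are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data: a tiny stand-in for an application's user table.
ROWS = [
    ("anna@example.org", "hash-a", "School A"),
    ("marc@example.org", "hash-b", "School B"),
    ("laia@example.org", "hash-c", "School C"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, pw_hash TEXT, centre TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db

def lookup_vulnerable(db, email):
    # Input is pasted into the SQL text, so quotes in it rewrite the query.
    sql = "SELECT email, centre FROM users WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, email):
    # Placeholder binding: the driver passes the value as data, never as SQL.
    sql = "SELECT email, centre FROM users WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def looks_like_email(value):
    # Defence in depth: allow-list check on the input before any query runs.
    return EMAIL_RE.fullmatch(value) is not None

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that contains SQL syntax
    return {
        "vulnerable": len(lookup_vulnerable(db, crafted)),  # every row leaks
        "safe": len(lookup_safe(db, crafted)),              # no row matches
        "legit": lookup_safe(db, "anna@example.org"),
        "validated": looks_like_email(crafted),
    }

if __name__ == "__main__":
    print(demo())
```

Parameter binding is the actual fix; the format check only narrows what reaches the query and does not replace it.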


The domains in question are:

http://culturaeducacio.gencat.cat

https://jocdelsdrets.gencat.cat/

login.regsega.cat

aplicacions.ensenyament.gencat.cat


This last domain, belonging to the territorial service's website of the Catalan Department of Education, is the one that has suffered the largest leak, the one that exceeds 5,000 data records. According to the institution, the leak has affected only 180 users, and it denies that these websites contained sensitive data or, failing that, critical data. In fact, it is believed that the vulnerability has not been exploited, although an investigation has been opened in this regard.


The flaw was not discovered until last week, when cybersecurity researcher Touseef Gul alerted the Generalitat to the problem. Up to 3 of the pages have already been taken down and placed in maintenance mode, and the Generalitat is already investigating the incident.



It's Not The First Time



It is by no means the first time that data has been exposed in this way. To go no further, a few months ago we witnessed the security breach that affected Freepik, one of the largest stock image sites on the Internet. The site exposed data from up to 8 million users, although the data collected was less sensitive.


The problem was exactly the same: SQL injection, which allowed attackers to access user databases. They pulled data from up to 8.3 million users, mostly emails. Last year something similar happened: the data of thousands of visitors to the Alhambra in Granada was exposed. Specifically, 4.5 million users.
