Report 4309
A significant breach has emerged with the exposure of personally identifiable information (PII) of over five million citizens of El Salvador on the Dark Web. Resecurity, a cybersecurity firm, identified this massive leak impacting more than 80% of the country’s population.
The breach, attributed to a threat actor known as ‘CiberinteligenciaSV,’ involves a 144 GB data dump posted to Breach Forums. The dump contains over 5 million high-definition photos, each linked to a Salvadorian’s document identification (DUI) number. Additionally, the leaked database includes citizens’ names, birthdates, telephone numbers, email addresses, and residential addresses.
Of utmost concern is the inclusion of headshots for each victim, marking a significant compromise of biometric data. This aspect poses grave identity theft and fraud risks for most of El Salvador’s populace.
While the leak’s origin remains uncertain, Resecurity suggests that the threat actors behind it seek to obscure their involvement by implicating an infamous hacking collective, the Guacamaya group. However, the connection between the leak and the group appears tenuous, as the breach targets everyday citizens rather than the entities typically targeted by Guacamaya.
Speculation arose linking the leaked data to the Chivo Wallet, the official Bitcoin and Dollar wallet of the Government of El Salvador. However, such claims were dismissed by the Ciberinteligencia SV Telegram channel.
This breach represents a landmark event in cybercrime history, with virtually an entire nation’s population affected by a compromise of biometric data. The vast scale of the breach poses significant risks for identity theft and fraud, particularly with the potential use of victim headshots in deepfake technology.