Colombia’s tax authority DIAN is reported to have been compromised through an unpatched vulnerability in its appointment platform developed by Cielingenieria, resulting in unauthorized access. The actor claims a 16GB SQLite database containing 18 million Colombian records is being offered for sale for $2,000 and is also offering custom software to exploit the active vulnerability to extract additional documents and foreign citizen/company information. #DIAN #Cielingenieria
Keypoints
- An unpatched vulnerability in the DIAN appointment platform developed by Cielingenieria reportedly enabled the breach.
- The actor claims to have exfiltrated a 16GB SQLite database with 18 million records of Colombian citizens.
- The stolen data is being offered for sale on a hacker forum for $2,000 USD.
- The seller also offers custom software that leverages the active vulnerability to extract additional documents, including foreign citizen and company information.
- The exposed dataset appears to include sensitive personal and corporate records based on the provided database structure.
Read More: https://dailydarkweb.net/data-breach-allegedly-hits-colombian-tax-authority-dian/