A database listed for sale on a popular hacking forum may raise some political questions for El Salvadorans.
On August 16, a listing offered 114GB of files with facial photos and 5.1 million records with El Salvadorans’ “full name, dui, date of birth, address, telephone, email and hd photo of the face.”
DataBreaches was contacted by someone affiliated with the hack and provided with access to the records in a text file. The data, initially described to DataBreaches as a vaccination database, did not appear to have any actual health data, and on inquiry, the contact admitted that the team had assumed the data were vaccination records, but now it was not clear. To add to the confusion, the data had not even been exfiltrated from any government health agency — or any government agency at all, for that matter.
“There was a backup in the cloud of a member of the government,” the contact told DataBreaches. When asked, he said that the member was Alejandro Muyshondt, a former national security advisor. The contact’s team claims they had access to Myshondt’s mega.nz account months ago and downloaded the data then. They never contacted him or the government to attempt to ransom it, however.
“They put him (Muyshondt) in jail a few days ago for being a double agent and allegedly leaking classified information,” the contact informed DataBreaches. Why Muyshondt would have had this particular dataset and whether it had been shared improperly with anyone prior to this forum listing is unknown to DataBreaches, as is the original source of the dataset.
The El Salvadoran listing is one of two El Salvadoran databases listed on the same hacking forum. The second, and earlier one, is a leak of data involving the El Salvadoran police, which is listed by a different forum user.
Both listings, however, have something in common. Both hacks are the work of the same group of hacktivists known to DataBreaches as “FocaLeaks.” DataBreaches reported on their El Salvadoran police data breach in September of 2021.
In February of 2022, FocaLeaks also announced that they were in the process of doxing all government politicians and were uploading the data to the Internet Archive. The project was announced on Twitter in a non-suspended account:
Empezamos la jornada con una f1ltr@c10n que nos pasaron que contiene la info de todos y cada uno de los diputados, espero les sirva para sus investigaciones.
Parte 1, contacto: [email protected]https://t.co/eiLBuWDTN3 #elsalvador #nuevasideas #sv #politica #nayib #sivar pic.twitter.com/fyAykgQtg9
— FocaLeaks (@foca_leaks) February 28, 2022
The newest listing is the first time DataBreaches has seen FocaLeaks try to sell data instead of just leaking it.
Inquiries to the country’s health agency went unanswered, and it is not clear to whom further inquiries might even be addressed at this point as the security advisor is detained.
So why was the president’s National Security Advisor in possession of this data set and why had it been uploaded to Mega.nz? Was there any connection to any of the alleged wrongdoing by the national security advisor? DataBreaches will update this post if more information becomes available.