Ooof this is bad. A 144 GB database full of personal information about adult El Salvador residents was leaked. There are unconfirmed rumors that this leak stems from Chivo, the bitcoin wallet offered by the El Salvadorian state. Always remember that KYC is the illicit activity.
https://protos.com/hacker-doxxes-nearly-every-adult-in-el-salvador/
KYC IS THE ILLICIT ACTIVITY
nostr:note1dgwfwrwz8kvnanmym7tfsywgxl6es4ycju3vumpyh0je4q36ecnsptfwlw
That sounds like a enormous amount of peoples data with letters in text only being worth a kilobyte of actually usage on a hard drive that must calculate out to millions of people personal information. Tradgic
I don't know if Atlas21 is a trustworthy website but they also have an article on this
https://atlas21.com/hacker-publishes-data-of-almost-the-entire-population-of-el-salvador/
Yes, Atlas21 is a trustworthy Bitcoin-oriented website! The guy who founded it is a brilliant journalist!
Who is he?
I'm pretty convinced that omw of the founders and main journalists is Feferico Rivi, italian guy.
You are correct
Hey. Yep I’m behind Altas21. The rumor is unconfirmed yet but honestly it’s very difficult to define it only as a “rumor”. The day after the news came out, someone published a script to try a brute force attack with the password “123456” on Chivo’s server. The script works and the server responds. The timing is suspect, at least.
Is it really a brute force if the only password they use is 123456 and it's directed against one server? I read that people correlated the information with whatever information you need to sign up with Chivo but I also find that odd, won't most applications (especially banking related) collect mostly the same data? I'll call it a rumor until someone can prove that it came from Chivo's database.
Also, looks like you need a link to your nostr profile here:
There’s also another coincidence: the number of Chivo’s downloads and the the number of people involved in the data leak. In my country they say: “three coincidences make a proof”, which is obviously not true, but it’s at least highly, highly, highly suspicious.
New evidence came out last night
https://atlas21.com/el-salvador-group-of-hackers-publishes-chivo-wallet-atm-code/
Thanks for keeping us updated🤙
Update: Chivo responded but didn’t provide actual answers.
Lol that was a shite response from Chivo if the personal data leak is actually from Chivo's database.
If you trust your Government you're gonna have a bad time
I guess my commit may have been retorical I was unable to see the full news commit u tell I turned my screen in the horizonal direction.
Unfortunately it had to be expected that something like this would happen
I'd venture to assume that the biggest problem with custodial solutions isn't necessarily an internal rugging but the fact that its a central point of failure. Your custodial funds are just one password away from being compromised.
KYC = breach of public trust (look that up in a blacks law dictionary, breach of trust is a very very serious offense)
Be careful what your Marxistic, control freak, emotional mind wishes for. Security does not need control, it needs privacy.
You'll learn to appreciate Monero's total delisting from CEX.
Where's no data there are no data breaches
they literally can't. they need to be instantly gratified by the price of bitcoin. they'll do anything to make the price go up.
Not great
Jesus 😡
They didn't even anonymize or mask the data, or archive anything. Absolutely idiotic.
And they had all sorts of data they didn't have any possible use for.
Another proof you can’t trust a government even if it’s pro-bitcoin…
I can't believe Chico is this old and nobody secured the data set.
Afaik using Chivo is not even mandatory there… One can use Strike or any other wallet. This probably shows the downside of having a popular president who receives a lot of trust - people install and use whatever he recommends…
I think they got the data from the registry office to send everyone the initial $30.
It would be hilarious if it wasn’t so sad.
El Salvador is crawling with Bitcoin devs, now, too. There's no excuse to not have had an audit.
Ha ha. Their data probably got leaked, too.
The thing that upsets me most is that none of the articles seem to think it's weird that it's even possible to leak this data.
They all think the leak is the problem, not the data collection, handling, and complete lack of information security.
I bet anyone working on this database could see all this data. 😱
Lol. Well played Bukele. Well played. 👏👏👏 You can't help but be a touch curious about Dorsey, Mallers, and Saylor as well.
No download links. Fake. 👎
You should be ashamed.
