An anonymous profile on a forum dedicated to data exchange announced the sale of an archive containing the vaccination information of 7,395,688 Italians. Although it is not possible to verify the size of the database offered – which can only be consulted after purchase -, the anonymous merchant has made public three example files, which contain a total of the data of a few thousand people, which Italian Tech has been able to verify and which they are largely, if not entirely, referred to professionals enrolled in the National Order of Psychologists, coming from various regions of Italy.
These include the name, surname, email address and tax code of the victims, associated with what appears to be the vaccination status of the victims and the registration number in the professional order they belong to.
Contacted by Italian Tech by phone, some of the victims confirmed their enrollment in the Order of Psychologists, showing understandable disappointment at the news of the data leak. None of the people contacted wanted to specify whether she had already been vaccinated against Covid-19.
In one of the archives disclosed, in textual format, a reference to the “requested sending date” appears and each of the dates indicated dates back to a period of time between 27 February and 8 March 2021. A time is also indicated for each date , which suggests it is one automatic registration list and that could refer precisely to the registration for obtaining the vaccine. In a second file, which contains over 800 identities, the wording “already positive” is read instead. The National Order of Psychologists did not immediately respond to a request for comment from Italian Tech.
“I have exfiltrated this data during the last month,” he writes in the post announcing the sale, anonymously cyber criminal: “Some of the vulnerabilities are still open and not [sono state] disclosed, but they are not for sale ”, he specifies. According to information shared publicly by the criminal himself, the archives contain the data of over 7 million users, including 6.5 million unique email addresses and 5.3 million passwords, “mostly protected by encryption,” he adds. However, the National Order of Psychologists currently has about 100,000 members, and it is therefore likely that the entire database – if any – also refers to other professionals. Among the general information, the seller specified that he will sell the entire archive only twice: a method to prevent the data inside it from losing value.
“The most likely hypothesis is that one of the booking portals has been compromised, which would explain the presence of the consents”, Matteo Flora, IT security expert and one of the first to analyze the samples, commented to Italian Tech: ” data are recovered, the ‘fashion’ of the moment is either a common SQL-Injection or the increasingly widespread attacks on APIs left unsafe ”. The reference is to two different methods of attacking a computer system, generally based on poor configuration or maintenance of the same. Italian Tech tried to contact the seller through the channels indicated by him to conduct private negotiations, but he did not want to answer our questions.
.