A file with personal information of 25,000 applicants for the residency exam in Medicine were leaked this Friday, exposing numbers of DAYS, Telephones, e – mails and username and password of the annotated. The information was confirmed at Clarín by sources in the Ministry of Health: “It was a one-time mistake of the system developer,” they explained.
While the security breach has already been fixed and the information cannot be downloaded from the official site, the file is already circulating and this poses a huge danger to the security of those who applied for the exam: your personal data is already in circulation.
During this Friday afternoon, several Twitter users warned of the situation, following the corroboration of the incident by the Instagram Medical Graduate account, which called to change passwords to avoid further problems among those affected.
The main problem is that the data was stored without any security measures to protect the information, which is why it could be downloaded in a .csv file, similar to a .txt.
Password change notes. Instagram photo
Computer security expert Javier Smaldone posted April tweets explaining the situation. “I can’t get the words to explain how dirty it must be to, in the middle of 2021, store passwords in plain text. In addition to being stupid in terms of security, it is already a violation of users’ rights (because even if they are not leaked , the system administrator can see the keys) “, He added Clarín.
is urgent that those who applied for the exam change their passwords. “People are now going to have to change their keys … in the mail (And social media, because with the cell phone number comes money). Unfortunately, he cannot change the rest of his personal data, “the computer expert explained.
The file in circulation
The register, which could be accessed from the official website of the Ministry of Health, published the personal data of the annotated for a short period of time.
On Twitter, several users also tried to spread the situation. Other users warned of the importance of communicating the fact so that those affected change your passwords:
the information is no longer available for download. The problem is that once these types of files are circulating, passwords and personal data can be sold for cybercriminals to use: from stealing personal information to extorting those involved.
The file with the keys became even a matter of humor in networks.
The vulnerability of reused passwords
There is a second problem associated with passwords that exceeds the exam registration pattern: one of the most common errors is repeat keys on different platforms (And, according to Google, used by 52% of users).
Repeating simple passwords in all the services we use is an invitation to what is known as “filled with credentials“, A practice in which cybercriminals” sweep “from bots the logins in various services until they manage to enter because, precisely, we repeat the same key everywhere.
One of the solutions to these scenarios from a password manager.