The website Iimobiliare.ro, Romania's biggest advertisement platform for real estate ads, was infringed last December by a security breach that allowed unauthenticated access to more than 201,087 files in the company's data archive (including copies of identity cards), as reported by the IT security experts- Website Planet, informs the specialized site DPO-net.ro. The operator reported last month that it had remediated the flaw but did not report it to the Data Protection Authority.
Although it remains unclear if consumer knowledge has fallen into harsh hands, as there is no password protection or authentication on the bucket of the company. The leaked data has been saved in 35,738.PDF and 165,316.JPG files, including full names, telephone numbers, home addresses, emails, CNP (social security), and personal signatures. This included personal identity information (PII) as well. Notably, anyone can just insert a correct URL to reach the bucket.
This violation disclosed over 200,000 documents, but the exact number of persons impacted by the violation remains unclear. Additional customer information compromised includes real estate contracts between customers and the company, property records including architectural plans, detailed descriptions and location, land extractions and ANCPI document, user profile photos, scanned copies of national identity cards containing the identification of codes, demanded property price, detailed explanation of properties including Real estate agreements.
Imobiliare.ro officials stated, "In January 2021, we detected a potential vulnerability in our internal data storage systems. Our company promptly launched an investigation. The vulnerability was quickly remedied. Internal investigations on the causes and potential consequences continue. We ensure in this way that for Imobiliare.ro data security is a priority and work continuously to protect the confidentiality and integrity of our platforms, meeting all current standards and in cooperation with. "
Given the nature of the leaked information, the possible effects on consumers may be serious. Initially, malicious actors may use the information to learn about the residential address of the person, the estimated sales, and the financial status. Explicit financial data or information was not leaked, but unauthorized users could use property values as a proxy indicator for net wealth. Identity stealing is the primary concern of this material, but even other crimes such as robbery are more likely to arise from the leak.
Imobiliare.ro users may have done little to avoid leakage of their results. The organization is held responsible for the server leak. Users will nevertheless minimize the danger they pose from weak cybersecurity from third-party firms, such as customer credit reviews offering identity recuperation support if they have leaked personal data to destroy the credit records of others or commit other crimes under a presumed name.