Fabián Hurtado

🚨 CYBER INTELLIGENCE ALERT: ALLEGED LEAK OF FINANCIAL DATA - ECUADOR 🇪🇨 ⚠️ CRITICAL THREAT: 35 GB OF INFORMATION FROM SAVINGS AND CREDIT COOPERATIVES [STATUS: EVIDENCE AVAILABLE / UNCONFIRMED] The threat actor identified as tost0n has announced the exfiltration and public exposure of a 35 GB data batch hosted on a cloud server belonging to the infrastructure of the company VimaSistem (https://t.co/3Wfk6nStsc). This entity provides financial and management software solutions for severance funds, mutual societies, and savings and credit cooperatives in Ecuador. 🎯 Affected Entity: VimaSistem's cloud infrastructure and client cooperatives. 👤 Threat Actor: tost0n 🎯 Affected Entity: VimaSistem's cloud infrastructure and client cooperatives. 📂 Data Volume: 35 GB with records corresponding to the years 2024 and 2025. ⚠️ Verification Status: UNCONFIRMED EMAILS/SERVERS. The attacker included detailed proof-of-concept (PoC) files with real data from Ecuadorian citizens, but these have not been individually verified or analyzed. 🏢 AFFECTED FINANCIAL INSTITUTIONS (LIST OF DOMAINS) The leak encompasses databases and records linked to multiple savings and credit cooperatives (COACs) and funds within the country, including the following: https://t.co/Ijq9EtcTI9 (Pension Fund / Fondvida) https://t.co/cLPclJ0V4h (COAC San Gabriel) https://t.co/O97A3SwtJJ (COAC Rural Sierra Norte) https://t.co/OpAzL0dUUh (COAC Nueva Esperanza) https://t.co/wGc1J7xu07 (CACMU) https://t.co/3ufnUSwGoy (COAC Fasayñan) https://t.co/QzkWN9wF2C (COAC Cañar) https://t.co/O1OI5GusFP (COAC SEC) https://t.co/rD0dKUfYAl (COAC Sí) https://t.co/wuq8ea4cm0 (COAC Cristo Rey de Juana de Oro) https://t.co/te7mMFQvYR (COAC San Antonio) https://t.co/i9XbK7HHk9 (COAC Yuyay) https://t.co/uQtDpSR2Lx (COAC Gonzanamá) https://t.co/hFrJQDSj5V (COAC Emprender) 📂 ANALYSIS OF COMPROMISED DATA (PII AND FINANCIAL) Analysis of the exposed samples (PoC #1 and PoC #2) confirms that the dataset contains comprehensive and sensitive Personally Identifiable Information (PII) regarding the cooperatives' members: 🆔 Identification and Biometric Data: Full names and surnames, National ID numbers, dates of birth, marital status, and professions. Fingerprint Code (Biometric Data): A critical field that exposes the verification structure of the fingerprint registered with civil registry authorities (e.g., ). Issuance and update dates for identity documents. 📞 Contact and Location Information: Mobile and landline telephone numbers. Personal and institutional email addresses (e.g., internal audit departments of the COACs). Detailed residential address (Province/Canton/Parish and physical street names). 💳 Financial Data: Savings/checking account numbers and financial transaction records associated with cooperatives within the VimaSistem network. 🛡️ MITIGATIONS AND EMERGENCY RECOMMENDATIONS ⚠️ Robust Identity Validation: Cease using physical fingerprint codes or static ID card data as the sole telephone or digital mechanism for validating transactions or resetting web banking passwords. 🔍 Awareness Campaigns: Internally and proactively notify members regarding the risk of fraudulent calls, wherein attackers will impersonate cooperative employees—utilizing the exposed real addresses and account numbers—in an attempt to steal temporary verification codes. ⚡ MONITORING AND ASSESSMENT 🌐 Intelligence System: https://t.co/wk9bZJ2Nli 🛡️ Quickly assess your website's security at: https://t.co/YnDw1QjN9c #CyberSecurity #Ecuador #VimaSistem #DataLeak #COAC #FinancialSecurity #DataBreach #BiometricData #ThreatIntelligence #CiberAlerta #VECERT #Infosec