The official website of the Russian National Visa Bureau in the Netherlands got hacked a few hours ago, with information of thousands of people exposed.
Security pentester Kapustkiy is the one who breached the website, and in a private conversation with Softpedia earlier today, he said that he didn’t want to leak any information given the fact that personal details are included in the databases he accessed.
Softpedia was also provided with evidence of the breach and we can confirm that the databases included names, phone numbers, and emails, with at least one account also being associated with what seem to be login credentials (including a hashed password).
The description of the website indicates that a potential hack could indeed expose sensitive details that are typically included in visa applications.
“Welcome to RNVB (Russian National Visa Bureau) - We are a daughter company of the PDC foundation, approved by the Russian Chamber of Commerce and Industry of the Russian Federation in the Netherlands. RNVB was founded in 2003 to provide visa services for some of the largest Dutch companies working in the Russian Federation. We also provide visa services for middle-small business representatives and private customers,” the site description reads.
Kapustkiy told us that approximately 13,000 accounts were exposed after the breach, but he says he’s “not going to publish it because of the kind of data it has.” The hack was based on a blind injection, he told us, and it was already reported to site administrators to prevent further attacks.
Another website, same vulnerability
Furthermore, Kapustkiy also revealed that after closely inspecting the website, he discovered that the Russian National Visa Bureau is hosted on the same server as the Consular Department of the Embassy of the Russian Federation in the Netherlands, which he hacked as well a few days ago.
They both have the same vulnerability, and although site admins have already been informed about the breach, websites are still up and running presenting the same security flaws.
Kapustkiy says he was already contacted by ambru.nl admins who told him a fix would be released in the coming days, but the website wasn’t taken offline during this whole time.
UPDATE, December 15: Site admins have responded to Kapustkiy, saying that they're going to look into the breach and address the vulnerability. The site is still up at this point, but some downtimes are expected as fixes will be implemented.