A website belonging to the Venezuelan army has been hacked by Kapustkiy, who managed to breach a database containing thousands of accounts, including personal details such as phone numbers.
Specifically, Kapustkiy broke into CATROPAEJ, which in Spanish is described as “Caja de Ahorros de la Tropa Profesional del Ejercito Bolivariano Venezolano,” and exposed a total of 3,000 accounts, with information such as full names, email addresses, and telephone numbers.
Furthermore, Kapustkiy told us a few minutes ago that he also discovered some logins for the Army’s webmail system, which made it possible to read personal information of registered users, but he emphasized that he “didn’t do it” because the final purpose of the breach is to help authorities find out about their security issues and address them.
Site already hacked in the past
Probably the worst thing is that the same website already got hacked in the past and Kapustkiy says that administrators failed to fix the problem, so the same vulnerability still exists despite the original breach.
Kapustkiy, who is no longer a member of the Powerful Greek Army, describes himself as a Security Pentester and says that all his breaches are supposed to uncover the security vulnerabilities in government websites, only to help authorities fix them before it’s too late.
His efforts haven’t gone unnoticed, as both Italian and Indian authorities worked together with him to patch vulnerabilities he discovered in their websites.
In the case of Venezuela, however, for the simple fact that the breach was already discovered months ago but local authorities failed to patch it, it’s hard to tell whether any change would be made this time.
And it goes without saying that this can only be bad news given the fact that details of nearly 3,000 people are exposed, including phone numbers and even email accounts that can be easily accessed by anyone who can reproduce the attack.