Dirección de Impuestos y Aduanas Nacionales (DIAN), the Colombian tax authority responsible for managing national taxes, customs, and corporate entities, has allegedly been compromised. The breach reportedly stems from a known, unpatched vulnerability in the DIAN appointment platform, which was developed by the Colombian company Cielingenieria. The unauthorized access has reportedly resulted in the extraction of a 16GB SQLite database, which is currently being offered for sale on a hacker forum for $2,000 USD. The seller also claims to be providing custom software that leverages this active vulnerability to extract additional documents, including information on foreign citizens and companies.
According to the actor, the breach contains 18 million records belonging to Colombian citizens. Based on the provided database structure, the allegedly compromised data includes:
-
First and last names
-
Identification types and numbers
-
Email addresses
-
Mobile phone numbers
Daily Dark WebRead More
R1
T1
