On March 17th, cybersecurity company VECERT Analyst reported a data breach at QuoVadis Venezuela attributed to the attacker “malconguerra2.” The attacker has already been responsible for breaches of Cashea and BT Travel, and this breach adds to a recent wave of incidents that affected other platforms in the country, including Yummy Rides and Rapikom.
According to the VECERT team, the new QuoVadis breach exposed over 43,000 records containing data from 23,362 customers.
According to the report, the leaked files contain the following content: digital copies of passports and IDs, credit card details and complete payment history, travel records, and information from affiliated agents. VECERT explained that the amount of information leaked exceeds 100 megabytes (MB).
Combining identity documents with complete financial data is especially sensitive. This type of information enables bank fraud, identity theft, and attacks such as phishing, a practice in which the attacker simulates legitimate communication from a company to obtain people’s personal data and compromise their bank accounts, cryptocurrency wallets, etc.
As of this writing, QuoVadis has not released an official statement explaining what happened. The company is based in Caracas, Venezuela and focuses on personalized services, flights, packages, travel, and domestic tourism.
Same actor, 3 victims in 1 month
The attack on QuoVadis is not an isolated incident. As explained by CriptoNoticias, “Malconguerra2” is the same actor responsible, according to VECERT, for the BT Travel Venezuela leak, reported on March 16th.
In that incident, the breach affected more than 56,000 customers and exposed 1 gigabyte (GB) of sensitive information, including passports, IDs, credit cards, and 36,614 travel records. Previously, on February 21st, the same attacker was blamed for the Cashea breach, in which a 46.5 GB database containing over 79 million transaction records was compromised.
At the time, the digital credit platform confirmed the event but ruled out the possibility that users’ passwords or accounts had been compromised. This series of incidents (three within a month and two against the tourism industry in just 24 hours) represents what VECERT describes as a “campaign against the country’s tourism infrastructure”.
A cryptocurrency analyst known as Cisco on X described ‘malconguerra2’ as “the most prolific cyber attacker in Venezuela’s digital history.” “This is not over yet,” he warned. In his post, he also noted the lack of official response: “Will some authority say something? Or will we all just pretend nothing is happening?”
Five applications have already been compromised in Venezuela
On March 8th and 9th, the Venezuelan digital ecosystem recorded leaks at Yummy Rides and Rapikom. VECERT believes this time it is the work of a different attacker, identified as “GordonFreeman.”
The Rapikom breach exposed 5,000 records, including passwords, payment methods, tax information, and contact information for affiliated companies. The Yummy leak exposed 30,000 images related to the identities of drivers registered on the platform.
Publishing drivers’ photos and names, unlike financial data, represents a physical safety risk to those affected.
Similarly, a sixth breach, which emerged in Venezuela in early January, may be added. Kontigo, a Venezuelan financial services platform with digital assets, was compromised on January 5th, with an outflow of more than 300,000 USD in USDC. However, the next day, the company assured affected users that they would be refunded their funds.
In summary, the leaks attributed to ‘malconguerra2’ at Cashea, BT Travel and QuoVadis total more than 47 GB of data. BT Travel and QuoVadis have more than 79,000 customers whose credit card data was compromised, but the sources did not say how many records contained that specific data. Regarding the Yummy Rides and Rapikom leaks attributed to “GordonFreeman,” VECERT did not detail the amount in gigabytes.
Considering the accumulation of incidents, this pattern suggests two specific needs. On the business side, strengthening the security architecture used to store sensitive client data. On the user side, evaluating which platforms to share financial and identity information with, keeping in mind that once data is leaked, it cannot be recovered.

