Hacked Bulgarian database reaches online forums

Data on millions of people stolen from the Bulgarian government has already popped up on hacker trading forums.

A hacker originally stole the data from the National Revenue Agency (NRA), which is part of Bulgaria’s Ministry of Finance, sending media outlets a link to the downloadable copy last Monday, 15 July 2019. The NRA confirmed this in a statement on its website.

After analysing the leak, it said that the data had been stolen around three weeks before. The hacker had accessed only 3% of its systems, it said in an update the following day.

ZDNet learned that a hacker known as Instakiller obtained the documents after a local TV outlet displayed a link to the file. It was password protected, but the hacker gave it to members of a forum, who cracked the password within hours.

According to local media reports, data came from sources including the Employment Agency, Bulgarian Excise Centralized Information System, and the National Health Insurance Fund, alongside the NRA.

Aside from names, addresses and other personal details, the data included several hundred thousand photographs of citizens’ faces. The hacker sent media 57 compromised databases totalling 10.5GB but claimed to have 110 databases amounting to over 20GB. The hacker told media (translated):

More than five million Bulgarian and foreign citizens as well as companies are affected

In a country of 7 million people, this represents almost the entire adult population. The hacker also criticized the Bulgarian government’s cybersecurity and called for the release of Julian Assange.

In a message sent to a local TV station, the alleged hacker claimed to be a Russian married to a Bulgarian. He had a grievance against Bulgaria and threatened to reveal more data if the government did not “reveal the truth”.

On Wednesday, 17 July 2019, Bulgarian authorities announced that they had arrested a suspect in connection with the theft of the data, and on Friday, a local news outlet reported that a 20-year-old Bulgarian citizen had been arrested in connection with the hack, and subsequently released on bail.

Government officials later determined that he had not hacked Bulgaria’s critical national infrastructure and that the data released was “not particularly dangerous”.

They consequently downgraded the charges against him, and he now faces up to three years in prison for the lesser charge of ‘crime against information systems’, rather than the eight years under the previous charge of ‘computer crime against critical infrastructure’.