Everyone is most likely aware of the El Salvador data leak that made the news a few days ago. According to reports, the hacker released sensitive information of more than 5 million people on the dark web. In addition, the cybercriminal who orchestrated this heist did so because the government refused to meet his demand.
The unfortunate incident puts the lives of almost the entire El Salvadorian populace at risk. Considering the impact of this event, Tectum decided to analyze how it occurred and explain why most data architectures are deeply flawed. In this article, we will also explain how SoftNote would have stopped this from happening.
As you are well aware, El Salvador recognizes Bitcoin as a legal tender. To support its adoption of Bitcoin, the government created Chivo – an electronic wallet that enables people to pay for products and service in dollars and Bitcoin. This wallet combines the features of traditional payment gateways and a crypto wallet.
The authorities developed a database to store the details of users. This storage system contains 144 Gigabyte worth of data, including the full name, unique identity number, date of birth, address, and an HD pic of every user.
As mentioned earlier, this cloud-based system contains the personal information of around 5 million individuals. To put things into perspective, the total population of this Central American country is just over 6.3 million. This means that well over 90% of the populace is affected by the El Salvador data leak
According to the report from Databreaches, the details were gotten from a cloud backup made by Alejandro Muyshondt. While the speculations are that he got the details from as part of a vaccination project, it is still unknown the former government official came about this data.
Individuals on social media even link the source of the data as part of the registration process required for creating an account on Chivo. David Gerrard, a blockchain blogger, postulated that the leaked data came from the KYC process for registering on Chivo.
The former national security advisor is no stranger to controversy. He was arrested sometime in August for leaking sensitive information to Mauricio Funes when the former president was trying to evade the authorities.
While everyone is focusing on the El Salvador data leak itself, very few people seem to be talking about the impact on all stakeholders. In this case, the stakeholders imply the governments, citizens who signed up to the Chivo wallet, and other investors. Just like every unfortunate incident in Web3, the impact is significant.
The most evident impact is the safety of the victims of this mishap. Most people tend to define security in terms of encryption when it extends beyond that. Privacy is an essential part of protection, and this data leak proves this.
Imagine what a malicious individual can do with your full name, unique ID number, birth date, and full address. They can easily create your digital clone and do just about anything with it.
The dark web is a terrible place where a lot of unethical things happen. There have been reports of just about anything getting bought and sold there. With these details, criminals do not need to create fake identities. They can open ban accounts for fraudulent actions using real names, pictures, and identification numbers.
Besides security, another impact is the level of trust in both the government and blockchain technology. Most people are already skeptical about decentralized finance, and this incident increased their prejudice towards Web3 in general. With this hack, people will question the safety of the digital assets stored on Chivo wallet. If someone can steal all their personal information from the government, what is the assurance that their cryptocurrencies and dollars are safe?
Traditional media will also use this opportunity to drive the narrative that blockchain technology is unsafe. On their part, many investors will become wary on putting their money on blockchain enterprises and products. Start-ups face Herculean tasks convincing capitalists to invest in their ideas, products, or services.
We stated earlier in this article that Tectum SoftNote would have prevented the El Salvador data leak. To enable people to understand how our technology would’ve ensured better user protection, we need to outline how data architecture works. Individuals can also read the article on Tectum SoftNote: Privacy, to get a better understanding.
Most companies typically gather individual data and store it in a central database. The El Salvador government followed a similar path and the hacker exploited this vulnerability, resulting in the data leak. Most persons are probably surprised, considering that blockchain is a decentralized ledger.
El Salvador acted like most leadership institutions and prioritized control over democratization and security. For a better understanding, think of the Chivo wallet as having an account with a centralized exchange.
Besides centralized storage, another issue with most data architectures is the authorization and authentication protocols. Thanks to the centralized nature of storage, anyone who gets through security has unlimited access to every available information on the server.
Most systems do not have layers of encryption that restrict people to specific sections of the system. This explains why the national security advisor could have access to vaccination data, especially when his office has nothing to do with national security.
Finally, the security measures of most data architectures are simply not good enough. Most systems typically use passwords for encryption. While they are secure, passcodes are the rudimentary form of protection. Hackers can easily find a way around this form of security.
Having outlined where the flaw of El Salvador that led to the data leak, let’s examine how Tectum SoftNote would have prevented this incident. Firstly, SoftNote does not require people to share excessive information to utilize our services. This is because this wallet utilizes zero-knowledge proofs when authorizing data transfer.
This means the El Salvadorian government would not have required the full names, dates of birth, addresses and unique identity numbers of those for vaccination. SoftNote would be able to ascertain those who have been vaccinated through using a complex mathematical computation. With no data shared, there will be nothing to steal.
More importantly, SoftNote is built on Tectum – the fastest layer-1 blockchain network. Since it is decentralized, each individual will have complete ownership of their information. Since the network is decentralized, the hacker will have to access the wallets of every single one of those 5 million people to access their private information. Well, we wish him good luck on that mission because he will need it.
If you are wondering what it takes to hack a SoftNote user, this wallet uses multiple authentication measures for encryption. For example, users must input a one-time password after entering their username and password to access their accounts. This extra layer of security means that the hacker must bypass the extra security layer of all 5 million persons to access their data.
As shown above, it is almost impossible to steal and leak data of SoftNote users like what happened with Chivo. This explains why members of the Tectum community trust our noncustodial wallet.
Tectum SoftNote is a simple and secure medium for storing digital assets. Users who want to join the ecosystem can do so by following these steps:
Meanwhile, Tectum has even better news to share with interested persons. The team is working towards a no-KYC system that will not require individuals to submit sensitive information to verify their identity. This will further reduce the amount of information people have to share and strengthen their privacy.
