Ukraine-Moldova border crossings data exposed

Border crossing records leaked, Moldova — Image by Cybernews.

A high-severity data leak has exposed travelers between Ukraine and Moldova. Their passport numbers, vehicle details, names, and other detailed data were found lying bare in an unprotected Elasticsearch instance.

On April 27th, 2024, the Cybernews research team discovered an unprotected Elasticsearch (data analytics and search engine) server containing detailed customs and border-crossing records between Ukraine (UA) and Moldova (MD).

The instance did not require any authentication, despite storing highly sensitive personal data.

The metadata and other internal identifiers suggest the database is seemingly maintained by Moldovan border control and customs authorities (“Serviciul Graniceri”), the exact agency or vendor responsible for the data leak remains unconfirmed.

The exposed data, spanning at least one year (2023-2024), contained the following:

Drivers' full names
Passport numbers
License plates
Vehicle Identification Numbers (VINs)
Vehicle types
Transit routes
Residency status and other details

“This data exposure is particularly critical due to Moldova’s geographic and geopolitical position. The Ukraine-Moldova border is a crucial transit route, particularly in the context of Russia’s ongoing war in Ukraine and Moldova's strategic importance to both the EU and NATO,” Cybernews researchers said.

Due to the ongoing war, a state of emergency has been declared on Moldovan territory to ensure the efficient management of migration.

Since multiple duplicate entries were present, it was difficult to estimate the exact number of affected individuals. However, the researchers reasonably assume that the leaking instance contains records on virtually every individual and vehicle crossing the border within the specified 2023-2024 period.

The instance was silently removed from public access a few days later with no official confirmation or statement. It's unclear for how long the data has been left exposed or whether unauthorized entities accessed it before the data was secured.

Cybernews has reached out to the Moldovan Border Police for a comment. However, we did not receive a response before publishing.

National security and personal privacy risks

The exposure of travelers between two countries, one of which is at war, poses serious national security and privacy risks, Cybernews researchers warn.

The leak is a treasure trove for cybercriminals, espionage organizations, and other threat actors.

The researchers highlight four main risks:

Espionage and Intelligence: Foreign intelligence agencies, state-sponsored threat actors can use the data to track movements of key individuals or monitor specific routes and border activity.
Smuggling and illicit trade: Criminal organizations might exploit loopholes by analyzing border-crossing patterns and other customs activities.
Targeted attacks and blackmail: Cybercriminals can target individuals who frequently cross the border for coercion, blackmail, or surveillance.
Identity theft and fraud: Sensitive data, such as passport details and personal information, could be used for document forgery, financial fraud, or unauthorized border crossings.

“Securing this kind of data should be a top priority. Authorities must restrict public access to sensitive records and implement strong authentication controls for all sensitive databases,” Cybernews researchers said.

“Moreover, encryption and access controls should be implemented to protect the sensitive information from unauthorized exfiltration.”

Don’t miss our latest stories on Google News

The lack of response from the Moldovan authorities also raises concerns about transparency and accountability.

The researchers recommend that authorities conduct a forensic analysis to determine whether the data was accessed by unauthorized parties, and notify affected individuals and entities whose sensitive personal and transit details were exposed.