14 DAY TRIAL // Akado Telecom, a Russian internet provider operating in Moscow, accidentally uploaded the personal information of thousands of customers to RIPE NCC's servers, according to Reuters.
Reuters managed to find and access hundreds of personal records of Akado Telekom customers, among which they were able to see the addresses and phone numbers of Russian government officials and some Russian celebrities.
The leaked customer information was unintentionally uploaded to the database of RIPE NCC by Akado Telecom employees who forgot to sanitize it beforehand by removing the unneeded personal info.
According to RIPE NCC's website, it is "is one of five Regional Internet Registries (RIRs) providing Internet resource allocations, registration services and coordination activities that support the operation of the Internet globally."
What is clear is that RIPE NCC does not require any of the organizations that use its database to list their IP addresses to also attach personally identifiable information (PII) for the individuals/organizations it adds to RIPE NCC's database.
The database containing the PII of thousands of Akado Telecom customers also bundled contact info of banks' and government agencies' staff
The incident happened because Akado Telecom is a member of the registry and it is required to periodically update the public database with the IP addresses information it allocates to its customers.
According to Vladislav Zdolnikov, founder of the TgVPN service, "Akado Telecom operates three subnetworks with 24,500 IP addresses in total," and its customers are mainly from Moscow's wealthiest districts.
The database containing Akado Telecom's customers PII also included contact information for staff members of government agencies and banks who used the services of the Russian ISP.
“We always respond to criticism with attention and gratitude and conduct thorough analyses to uncover vulnerabilities in our information systems in order to prevent possible data leaks,” said an Akado Telecom in a statement.