Peru: Identity theft backdoor in the system for claiming government aids in response to the COVID19 economic crisis

A vulnerability in the Bono Familiar Universal, the platform used to distribute the financial subsidy provided to households in precarious economic situation by the Peruvian government in response to the Covid-19 pandemic, enabled the subsidy to be accessed by malicious individuals.

The vulnerability was reported by Deep Security, and it was resolved but an undetermined number of malicious individuals were able to pose as beneficiaries to access the platform and collect the subsidy themselves. The public prosecutor was investigating.

It these malicious individuals were able to access the beneficiaries’ profiles on the platform using their identity numbers, National Registry of Identification and Civil Status (RENIEC), and other personal data they likely obtained on the back market selling leaked data from RENIEC.

Source: https://hiperderecho.org/2020/06/lo-que-nos-ensena-la-suplantacion-y-robo-a-los-beneficiarios-del-bono-familiar-universal/

Writer: Miguel Morachimo
Publication: Hiperderecho