Discovering the Undiscovered: How Our Founder Unearthed a Massive Security Breach

In the digital age, where data breaches and cyber threats are becoming increasingly common, it’s essential to have vigilant cybersecurity experts who can identify and rectify vulnerabilities before they cause significant harm. One such individual is Alexandru Panait, a young Romanian entrepreneur and cybersecurity researcher, who recently uncovered a significant security flaw that could have jeopardized the personal data of millions of Romanians.

The Discovery

At just 25 years of age, Alexandru Panait, the brain behind the ePrimariaTa project, which digitized hundreds of town halls, identified a major security breach on SNEP (Romanian National Payment System). This flaw could have potentially exposed the personal data of millions of Romanians, including their CNP (personal identification number), addresses, and details about their assets.

Alexandru discovered this vulnerability on April 1st 2021. While using the ghiseul.ro platform, his extensive experience in information security allowed him to notice that SNEP had a significant security gap. This breach could provide unauthorized access to the CNP of asset holders from all institutions enrolled in the national system, as well as their addresses and details about the assets they own.

The Response

Realizing the gravity of the situation, Alexandru immediately reached out to the legal partners at the Blockchain Romania Association where he is Honorific Vice President. They advised him to report this major security issue to the appropriate authorities. Consequently, on the same day, Alexandru filed a report with DNSC.RO (Romanian National Directorate for Cybersecurity), providing all the details necessary to reproduce this vulnerability. He emphasized that this flaw, which exposed users’ personal data, was identified while using the system as intended.

Alexandru further shared his analysis, which indicated that this vulnerability had not been exploited by anyone. He estimated that up to 10 million identities could have been exposed. He also explained how to verify if the vulnerability had been exploited.

Collaboration and Resolution

The National Center for Response to Cybersecurity Incidents, the Authority for the Digitalization of Romania, and Alexandru-Ionuţ Panait collaborated to address and rectify this vulnerability. Alexandru’s calculations suggested that an attacker, by creating an algorithm to replicate the vulnerable flow, could potentially exploit the data of approximately 14 million Romanians.

The representatives of the National Center for Response to Cybersecurity Incidents highlighted the importance of cybersecurity researchers in Romania. They emphasized that there’s a significant number of specialists who focus on discovering and responsibly reporting vulnerabilities detected in online platforms, services, and applications.

Conclusion

This incident underscores the importance of cybersecurity and the role of vigilant researchers like Alexandru Panait. His proactive approach not only prevented a potential data breach but also highlighted the need for continuous monitoring and improvement of online platforms. The official article by the National Directorate of Cybersecurity from Romania further validates the significance of this discovery.

Sources: