An author on Habr reported a vulnerability in the new Unified Military Registry. They noted that any authorized user of Gosuslugi (Government Services Portal) could easily view all personal data of conscripts from Gosuslugi, "including full name, date of birth, address, TIN, SNILS, driver's license details, passport and other documents," through the system.
However, the registry developer, PJSC Rostelecom, stated that it "categorically refutes the disseminated reports" about such a possibility.
Access to data in the registry is granted only to citizens using the unified state authorization system with mandatory additional confirmation via SMS message to a phone number. Rostelecom ensures the highest level of information security for this system and the Gosuslugi portal, as well as the safety of personal data.
The Ministry of Digital Development also denies any such leaks or vulnerabilities, stating that "none have been recorded." The ministry's press service assured that authorization through Gosuslugi works correctly on all resources, and "there is no way to find information about Gosuslugi users by ID number."
The Unified Military Registry website went live on September 18 in test mode. Currently, it can be used by three regions of Russia: the Republic of Mari El, Sakhalin and Ryazan regions.
Read more on this topic:
Hackers attack Russian antivirus vendor Doctor Web
Website of the Association of Tour Operators of Russia (ATOR) suffered a DDoS attack
Sly, fast, stealthy: new malware Loki attacks Russian enterprises
