Dark Web News Analysis
Dark web sources report a severe data breach involving Comune Selargius, a municipality in Sardinia, Italy. A threat actor is actively selling a database allegedly containing the personal information of approximately 124,000 users.
The compromised fields are critically sensitive and suggest a breach of a specific digital service or app used by the municipality. The dataset reportedly includes full names, email addresses, plaintext temporary passwords and, unusually, GPS coordinates. Passwords stored in plaintext (neither hashed nor encrypted) indicate a significant failure in security architecture: anyone holding the dump can use them immediately, with no cracking or decryption required.
Key Cybersecurity Insights
Breaches of local government entities involving geolocation data create physical safety risks that far exceed typical financial fraud:
- Physical Stalking & Burglary: The most alarming aspect is the exposure of GPS Coordinates linked to Full Names. Criminals can map these coordinates to identify the exact home addresses or daily movement patterns of citizens. This “doxxing” capability can facilitate stalking, harassment, or targeted burglary, especially if the data reveals when users are away from home.
- Plaintext Password Exposure: The leak of Plaintext Temporary Passwords is a critical vulnerability. Users often fail to change temporary passwords upon first login. Attackers can use these credentials to immediately access the Comune’s portal, potentially viewing tax records, fines, or other administrative data.
- GDPR & Regulatory Fines: Because Comune Selargius is an Italian public administration, this breach represents a severe violation of the GDPR. The failure to salt/hash passwords is a specific violation of the “State of the Art” security requirement (Article 32), potentially exposing the municipality to significant sanctions from the Italian Data Protection Authority (Garante Privacy).
- Lateral Movement: If the compromised accounts belong to municipal employees as well as citizens, attackers could use the valid credentials to move laterally into the internal government network, deploying ransomware or exfiltrating deeper administrative archives.
Mitigation Strategies
To protect citizen privacy and municipal infrastructure, the following strategies are recommended:
- Forced Password Reset: The IT department of Comune Selargius must immediately invalidate all current sessions and force a global Password Reset for all 124,000 affected accounts.
- Service Suspension: Consider temporarily taking the affected portal offline to patch the vulnerability that allowed the SQL dump and to implement proper password hashing (bcrypt/Argon2) before bringing it back online.
- Citizen Notification: In compliance with GDPR, the municipality must notify affected citizens about the breach, specifically warning them that their location data and passwords were exposed, and advising them to change identical passwords on other sites.
- MFA Enforcement: Implement Multi-Factor Authentication (MFA) via SPID or CIE (Italian Digital Identity systems) to ensure that a stolen password alone is insufficient for access.
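The password-handling points above (salted hashing, temporary passwords that users never change, forced reset with session invalidation) can be sketched as follows. This is an added example, not code from the municipality's portal or from Brinztech; all function and field names are hypothetical, and scrypt from Python's standard library stands in for the bcrypt/Argon2 named above so the block runs without third-party packages.

```python
import hashlib
import secrets

# scrypt cost parameters and temp-password lifetime: assumed values for this example
N, R, P, DKLEN = 2**14, 8, 1, 32
TEMP_TTL = 24 * 3600  # seconds a temporary password stays usable


def hash_password(password: str) -> str:
    """Return 'scrypt$<salt hex>$<hash hex>' using a fresh random 16-byte salt."""
    salt = secrets.token_bytes(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    try:
        scheme, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False  # plaintext or malformed record is never accepted
    if scheme != "scrypt":
        return False
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return secrets.compare_digest(dk, expected)


def issue_temp_password(account: dict, now: float) -> str:
    """Forced reset: store only the hash, set expiry and must-change, drop sessions."""
    temp = secrets.token_urlsafe(12)
    account.update(pw_hash=hash_password(temp), must_change=True,
                   temp_expires=now + TEMP_TTL, sessions=[])
    return temp  # delivered to the user once, never persisted


def login(account: dict, password: str, now: float) -> str:
    """Return 'denied', 'change_required' or 'ok'."""
    if not verify_password(password, account.get("pw_hash", "")):
        return "denied"
    if account.get("must_change"):
        # A temporary password only opens the change step, and only until it expires
        return "change_required" if now < account["temp_expires"] else "denied"
    return "ok"


def change_password(account: dict, old: str, new: str, now: float) -> bool:
    """Replace the temporary password; reusing it as the new password is refused."""
    if login(account, old, now) == "denied" or old == new:
        return False
    account.update(pw_hash=hash_password(new), must_change=False, temp_expires=None)
    return True
```

With this layout a leaked table row contains only a salted hash, and an unchanged temporary password stops working once `TEMP_TTL` has passed.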
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com