Enormous Leak - Brazil’s Population Data Exposed

Uploaded on 2024-01-15 in GOVERNMENT-National, FREE TO VIEW

Threat actors had public access to the private data of hundreds of millions of Brazilians, putting individuals at risk of identity theft, fraud, and targeted cybercrimes. Research by Cybernews has revealed a publicly accessible Elastic search data cluster, which contained a staggering amount of private data belonging to Brazilian individuals.

Elasticsearch is a distributed, RESTful search and analytics engine capable of solving a growing number of use cases and is a commonly used tool for the search, analysis, and visualisation of large volumes of data.

The cluster, stored on a cloud server, contained data with personal financial data, full names, date of birth, sex, and Cadastro de Pessoas Físicas (CPF) number. The 11-digit number identifies individual taxpayers in Brazil.

The leaked data, which has not been linked to a specific company or organisation so far, contained more than 223 million records, which implies that the entire Brazilian population might be affected by the leak. While the data is no longer publicly available, in the hands of a malicious actor, the exposed data could have been misused for identity theft, fraud, and targeted cybercrimes.

This could result in financial losses, unauthorised access to personal accounts, and other severe consequences for those individuals whose personal data was exposed.

Weaponised Private Data

Leaked or stolen private data are often used as a catalyst in devastating cyber attacks. Most of the time, these nefarious incidents hit like a scattergun, harming the primary target of the attack and dealing collateral damage to the individuals unwillingly participating with their stolen data. The importance of safeguarding personal details cannot be overestimated as data breaches grow t in scale and frequency.

Good cyber hygiene when going online and caution when sharing private details on online platforms, and awareness of your digital footprint is vital.

In 2022 threat actors listed 23 terabytes of data on one billion Chinese nationals and several billion case records from the Shanghai police. Personal data from 105 million Indonesian citizens, including ID card numbers, full names, dates of birth, and other personally identifiable information (PII), has also been leaked and offered for sale online.

BitDefender: BHRRC: Security Affairs: Cybernews: TechRadar: Beta News: SOS-VO: Reuters:

Image: MTHV

You Might Also Read:

Taiwan's Entire Population Database Stolen:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.