Tyler Cross
Published on: January 11, 2024
The information of hundreds of millions of Brazilians was found online. Researchers with Cybernews discovered a public Elasticsearch instance that contained entries for over 223 million individuals (this happens to be larger than the entire population of Brazil).
Elasticsearch is a tool that various companies use to search, analyze, and visualize stored data. The company provides users with an AI program that helps organize large quantities of data. In this case, the publicly accessible data happened to be extremely sensitive and contained a lot of Brazillian citizen’s personal information.
This included but wasn’t limited to full names, date of birth, sex, gender, taxpayer numbers, and Cadastro de Pessoas Físicas (CPF) numbers. CPF numbers are an 11-digit code that tracks citizens’ identities.
As of now, none of the leaked data is correlated with any specific company or government agency, so no one knows who is responsible for the leak. It’s also unknown if any threat actors were able to obtain the data before Cybernews researchers discovered it.
The instance has since been made private and can’t be accessed. If threat actors were able to obtain any of the data, the scale would be similar to the MOVEit attack from June 2023 and put millions of Brazil’s citizens in danger of having their identity stolen. In the MOVEit attack, hackers managed to exploit the MOVEit file transfer service and steal data from hundreds of millions of people around the world.
“This could have resulted in financial losses, unauthorized access to personal accounts, and other severe consequences for the individuals affected,” Cybernews reported.
Always be cautious when giving a company your information. When companies use third-party services that handle data for them, they run the risk of threat actors exploiting those services and stealing any of the sensitive info you may have given them.
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
- PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
- PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
- PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
- Source: https://www.safetydetectives.com/news/leaked-online-data-may-contain-entire-population-of-brazils-info/
- :has
- :is
- 11
- 2023
- 40
- a
- Able
- access
- accessed
- accessible
- Accounts
- actors
- affected
- agency
- AI
- also
- an
- analyze
- and
- any
- ARE
- around
- attack
- avatar
- BE
- been
- before
- birth
- Brazil
- Brazilians
- but
- case
- cautious
- Citizens
- code
- Companies
- company
- Consequences
- contain
- contained
- could
- Cross
- cybernews
- DANGER
- data
- Date
- de
- discovered
- Entire
- Exploit
- exploiting
- extremely
- File
- financial
- For
- found
- from
- full
- Gender
- given
- Giving
- Government
- hackers
- handle
- happened
- happens
- Have
- having
- helps
- HTTPS
- Hundreds
- hundreds of millions
- identities
- Identity
- if
- in
- included
- individuals
- info
- information
- instance
- IT
- june
- knows
- large
- larger
- leak
- Limited
- losses
- Lot
- made
- managed
- May..
- million
- millions
- names
- no
- None
- now
- numbers
- obtain
- of
- on
- ONE
- online
- or
- Other
- over
- People
- personal
- plato
- Plato Data Intelligence
- PlatoData
- population
- private
- Program
- provides
- public
- publicly
- put
- Reported
- researchers
- responsible
- Risk
- Run
- Scale
- Search
- sensitive
- service
- Services
- severe
- Sex
- similar
- since
- So
- specific
- stolen
- stored
- Taxpayer
- than
- that
- The
- the world
- their
- Them
- they
- third-party
- this
- those
- threat
- threat actors
- to
- tool
- transfer
- tyler
- unauthorized
- unknown
- use
- users
- various
- visualize
- was
- webp
- were
- when
- WHO
- with
- world
- would
- You
- Your
- zephyrnet
