Entire population of Brazil possibly exposed in massive data leak

The private data of hundreds of millions of Brazilians were publicly accessible to threat actors, putting individuals at risk.

Cybernews research revealed a publicly accessible Elasticsearch instance, which contained a staggering amount of private data belonging to Brazilian individuals.

Elasticsearch is a commonly used tool for the search, analysis, and visualization of large volumes of data. The leaked data was not linked to a specific company or organization, preventing Cybernews from identifying the source of the leak.

CPF Brazil data leak
Total count of leaked records. Image by Cybernews

The cluster, located on a cloud server, contained the data with full names, dates of birth, sex, and Cadastro de Pessoas Físicas (CPF) numbers. This 11-digit number identifies individual taxpayers in Brazil.

The leaked data contained more than 223 million records, which implies that the entire Brazilian population might be affected by the leak.

CPF Brazil data leak
Leaked private data. Image by Cybernews

While the data is no longer publicly available, in the hands of a malicious actor, the exposed data could have been misused for identity theft, fraud, and targeted cybercrimes. This could have resulted in financial losses, unauthorized access to personal accounts, and other severe consequences for the individuals affected.

The massive scale of the leak amplifies the potential impact. Previously, Cybernews reported massive leaked data sets allegedly belonging to governmental entities being sold online.

Earlier this year, threat actors listed 23 terabytes of data on one billion Chinese nationals and several billion case records from the Shanghai police. Personal data from 105 million Indonesian citizens, including ID card numbers, full names, dates of birth, and other personally identifiable information (PII), has also been leaked and offered for sale online.

More from Cybernews:

Duolingo cuts contractors after utilizing AI to create content – media

Bill Ackman pledges AI plagiarism-checks at MIT, Business Insider

VW vehicles to converse with drivers via ChatGPT by mid-year

LoanDepot customers affected by weekend ransomware attack

NASA moon landing and Star Trek space burial in question after positioning snafu

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked