Entire Brazilian population potentially put at risk by major data leak

News
By published

Yet another unprotected database was recently discovered

An abstract image of padlocks overlaying a digital background.
(Image credit: Shutterstock) (Image credit: Shutterstock)

Researchers from Cybernews recently discovered an unprotected database that held personal information on approximately 223 million Brazilians. 

Given that by 2021 data, Brazil has 214 million people, it could be that information on the entire population of Brazil was contained in that database.

The researchers said they discovered the database after running a query in Elasticsearch, a tool people can use to search, analyze, and visualize, large volumes of data. They couldn’t determine who the owners of the database were, but said that the cluster held people’s full names, birth dates, sex, and Cadastro de Pessoas Fisicas (CPF) numbers. The latter is a 11-digit taxpayer identifier.

Poor password hygiene

Since making the discovery, the database was locked down. However, we don’t know for how long it stayed unprotected, and if any threat actors managed to find it before the researchers. If they did, they could use the information found there in various cyberattacks and fraud campaigns, such as phishing, identity theft, or even wire fraud. “This could have resulted in financial losses, unauthorized access to personal accounts, and other severe consequences for the individuals affected,” Cybernews says.

Having an unprotected cloud database means that there is no authentication process in place, and that anyone would be able to access the file, as long as they knew where to look. This process is made even easier with Elasticsearch, a tool that simplifies the process of finding unprotected databases.

While definitely a lapse on the owner’s side, this type of leak can’t be considered a system vulnerability. Still, unprotected databases are one of the most common causes of data leaks, with billions of data entries being available to the general public at all times.

For example, in early November 2023, Chinese researchers found a database of 3.3 million orders made by the customers of a Chinese online store, between 2015 and 2020. In some cases, the entries contained shipping addresses and phone numbers, and in other cases even copies of government-issued identity cards.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
Data leak
German cloud service provider exposes entire Georgian country population - millions of personal data files leaked
Data leak
Top healthcare company exposes data on millions of patients - find out if you're affected
No broadband network
Massive online data breach sees 2.7 billion records leaked - here's what we know
Data leak
This top security camera streaming app may have been putting thousands of users at risk
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
More about security
Half man, half AI.

Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
Email

Over 90% of Americans demand a "right-to-disconnect" law which would protect them from out-of-hours work communication
SanDisk Extreme PRO with USB4

Testing the new SanDisk Extreme PRO with USB4 SSD proved both challenging and revealing
See more latest
Most Popular
Half man, half AI.
Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
diamond gemstone
Diamond set to become mainstream coolant for AI GPU servers as world’s best thermal conductor promises 25% better overclocking, and 'double performance per watt'
Zuckerberg Meta AI
Meta powers ahead with conscious chip uncoupling with Nvidia as it tests its first in-house training AI-PU
Email
Over 90% of Americans demand a "right-to-disconnect" law which would protect them from out-of-hours work communication
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Gachapon Capsure Station
Somewhere in Japan is a dispenser where you can buy toy rack servers complete with cute Dell PowerEdge 2U servers
An angry Mark Grayson flying towards the camera in Invincible season 3 episode 7
Invincible season 4: everything we know so far about the hit Prime Video show's next chapter