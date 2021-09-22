Specialists from the dfndr lab, PSafe’s laboratory specializing in digital security, identified a website open to the public that would allow anyone to consult 426 million personal data about Brazilians, in addition to another 109 million information on CNPJs and license plates. The email address was detected by an artificial intelligence that scans deep and dark web, deeper layers of the Internet.

Six times the CPFs of Brazilians were leaked on the internet

The database contains information such as name, CPF, address, gender, date of birth, e-mail and even the income of individuals. There is also information regarding contracts with telephone and pay TV companies, such as landline and mobile phone numbers, type of plan contracted, contract date, contract number and payment method.

The content indicates the possibility that the data originates from the bases of telecommunications operators, although it is not possible to say whether there was or where an eventual leak occurred. As soon as the suspicious indexing was identified, the PSafe security team forwarded a report to the National Data Protection Authority (ANPD).

There are indications that the database found on the public site has been enriched with information from other leaks, including the January 2021 megaleak. The material therefore exposes more than 223 million Brazilians, although it is impossible to accurately determine the total volume of exposed citizens. Also, as the complete database mixes data from several different leaks, it is likely that data from the same person will be available for cross-searching.

According to Emilio Simoni, chief security officer at PSafe, detailed data like what was found at the base is a “full plate” for applying social engineering scams. “Knowing that this data is freely available on the open Internet, we need to alert the population to be even more suspicious of phone calls and messages that use this information to gain their trust,” he says.

Also according to the executive, it is essential that everyone is more attentive to their bank accounts. “It is possible that loans, contracting of services, purchases and even unauthorized access in our name may arise”, warns Simonini, who also highlights the possibility of criminals opening companies and false accounts on social networks to apply scams.

What can you do to protect yourself

PSafe makes a series of guidelines regarding what citizens can do to reduce risks and surprises. Important steps involve the habit of using strong passwords and seeking to replace them frequently, in addition to applying two-factor authentication to the services that offer the technology. It is also important to avoid clicking on suspicious links received via email and cell phone messages.

With an eye on the effects that the existence of this database can have on the action of criminals, PSafe guides care and attention to bank account transactions and reinforces that it is important to be suspicious of charges and payment slips for products and services that the user does not remember having hired . Using some type of antivirus software on your devices is also recommended.