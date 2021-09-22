A Brazilian public website is exposing about 426 million personal data and 109 million information such as CNPJs and license plates. The alert was made this Tuesday (21) by the digital security company PSafe.

The page, which was found by dfndr lab, the company’s laboratory, can be accessed by anyone with internet access. Data can even be queried from a search engine, according to PSafe.

Among the information available are name, CPF, address, gender, date of birth, e-mail and even the income of individuals. It is also possible to check on the platform very specific details of contracts with telephone and pay TV companies, such as landline and mobile phone numbers, type of contracted plan, contract date, contract number and even payment method.

“We’re talking about a super base, probably enriched from the compilation of other possible leaks. This new bank was found on September 19, 2021 and has been analyzed since then. It encompasses key personal data, exposing various personal information. In the hands of cybercriminals, this data is a ‘full platter’ for applying social engineering scams,” said Emilio Simoni, chief security officer of PSafe.

Simioni points out that, knowing that this data is freely and easily available on the Internet, Brazilians need to be even more attentive to phone calls and messages that “use this information to gain their trust”.

Scratchs

Simoni also argued that people should be vigilant in relation to bank accounts, since it is possible that with this data in hand, criminals can hire services, purchase products and even make unauthorized access.

“We are all at the mercy of cybercriminals. With improper possession of this data, it is even possible for criminals to open companies and fake accounts on social networks to apply scams,” he added.

PSafe identified the site’s indexing, which was not disclosed, and prepared a report for the National Data Protection Authority (ANPD). It is not possible to know, so far, where this data was leaked. However, the digital security company pointed out that there are indications that the information may have been leaked from some telecom operator.

The page was identified by the dfndr enterprise real-time data leak monitoring system, which uses Artificial Intelligence (AI) to constantly scan the open Internet, Deep Web and Dark Web.