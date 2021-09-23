A Brazilian website exposed about 426 million of personal data such as CPF, name, address, gender, date of birth, e-mail and even the income of individuals. Another 109 million data includes vehicle information such as chassis number, Renvam, model and user license plates, according to digital security company PSafe.

According to the company, although it is not yet possible to know for sure where the failure comes from, there are signs in the base that point to a telecommunication operator. PSafe claims that it has initiated an analysis of the information and submitted a report to the National Data Protection Authority (ANPD).

The site where the leaked data are is not disclosed by Psafe for security reasons.

Issued on Tuesday (21), the alert says that “anyone with internet access could find and consult the information displayed” on the website, including address, gender, date of birth, e-mail and even information on the income of individuals.

According to PSafe, “there is also information regarding contracts with telephone and pay TV companies, such as landline and mobile phone numbers, type of contracted plan, contract date, contract number and payment method”.

“We are talking about a super base, probably enriched from the compilation of other possible leaks. This new database was found by dfndr lab on September 19, 2021 and has been analyzed ever since. It encompasses the main personal data, exposing various information”, explains Emilio Simoni, PSafe’s chief security officer, in a statement released by the company.

“In the hands of cybercriminals, this data is a ‘full plate’ for applying social engineering scams. Knowing that this data is freely available on the open internet, we need to alert the population to be even more suspicious of phone calls and messages that use this information to gain their trust”, he points out.

Simoni still issues an alert, asking everyone to pay attention to bank accounts.

“It is possible that loans, contracting of services, purchases and even unauthorized access in our name may arise. We are all at the mercy of cybercriminals. With improper possession of this data, it is even possible for criminals to open companies and fake accounts on social networks to apply scams”, he says.

O CNN Brasil Business he sought out the operators Oi, Tim, Vivo and Claro, but, until the time of this article’s publication, they had not yet responded to the placement request.

How do I know if my CPF was spoofed?

To identify a fraud in your document, just enter the website Registry, a Central Bank system that shows transactions with financial institutions, such as credit and foreign exchange.

When the site loads, click on the “I’m an Individual” button just below the “First Access” menu.

There, you can choose to register by cell phone, internet banking, digital certificate or even in person — something risky in the days of Covid-19. All options give you the right to access reports such as active checking accounts, loans and financing in your name and registered PIX keys.

Find out how to consult the Registry:

by cell phone : if your choice is the smartphone, just enter your bank’s application, search for the “Registration” option, obtain a PIN (usually four-digit password) which, later, will be used to access the Central Bank system and request the reports;

: if your choice is the smartphone, just enter your bank’s application, search for the “Registration” option, obtain a PIN (usually four-digit password) which, later, will be used to access the Central Bank system and request the reports; Through internet banking : You must get a safety phrase on the Central Bank home page, entering data such as CPF, date of birth, mother’s first name and name of the bank in which you have an account. Then access your bank’s internet banking through your computer. And, finally, complete the registration directly on the Registrato’s website, having access to the same reports mentioned above;

: You must get a safety phrase on the Central Bank home page, entering data such as CPF, date of birth, mother’s first name and name of the bank in which you have an account. Then access your bank’s internet banking through your computer. And, finally, complete the registration directly on the Registrato’s website, having access to the same reports mentioned above; Digital certificate: To access the Registry with this option, you must have an A1 or A3 e-CPF for proof of identity. With it, the user gets the access password.

I was a victim of fraud. And now?

If your CPF has been spoofed, it is important to act quickly.

If you find information that does not match your pattern of purchases and loans, call or contact your financial institution’s SAC and, at least once a month, check with the Registry whether they are using your data in a criminal manner.