Entire Brazilian population potentially put at risk by major data leak

Yet another unprotected database was recently discovered

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Researchers fromCybernewsrecently discovered an unprotected database that held personal information on approximately 223 million Brazilians.

Given that by 2021 data, Brazil has 214 million people, it could be that information on the entire population of Brazil was contained in that database.

The researchers said they discovered the database after running a query in Elasticsearch, a tool people can use to search, analyze, and visualize, large volumes of data. They couldn’t determine who the owners of the database were, but said that the cluster held people’s full names, birth dates, sex, and Cadastro de Pessoas Fisicas (CPF) numbers. The latter is a 11-digit taxpayer identifier.

Poor password hygiene

Since making the discovery, the database was locked down. However, we don’t know for how long it stayed unprotected, and if any threat actors managed to find it before the researchers. If they did, they could use the information found there in various cyberattacks and fraud campaigns, such as phishing,identity theft, or even wire fraud. “This could have resulted in financial losses, unauthorized access to personal accounts, and other severe consequences for the individuals affected,” Cybernews says.

Having an unprotected cloud database means that there is no authentication process in place, and that anyone would be able to access the file, as long as they knew where to look. This process is made even easier with Elasticsearch, a tool that simplifies the process of finding unprotected databases.

While definitely a lapse on the owner’s side, this type of leak can’t be considered a system vulnerability. Still, unprotected databases are one of the most common causes of data leaks, with billions of data entries being available to the general public at all times.

For example, in early November 2023, Chinese researchers found adatabase of 3.3 million ordersmade by the customers of a Chinese online store, between 2015 and 2020. In some cases, the entries contained shipping addresses and phone numbers, and in other cases even copies of government-issued identity cards.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set