Connect with us

Data Breaches Hacker News

Taxpayer ID Numbers of 120 Million Brazilians Exposed Online

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Data Breaches

77 Million Nitro PDF Records Compromised

Data Breaches

Solarwinds Hackers Achieve End Goal of Acquiring High-Profile Government Targets

Data Breaches

British Airliner EasyJet Victim of Cyber Attack - 9 Million Records Exposed

Data Breaches

Massive Data Breach of Panama Citizens

Data Breaches

Outlook Breach More Expansive than Previously Thought

Data Breaches

Second Toyota Security Breach puts 3.1 Million Consumers at Risk

Data Breaches Hacker News

Korean Crypto Exchange BitHumb Loses $19 Million to Hackers

Data Breaches Hacker News

Major Aluminum Manufacturer Hit With Cyber Attack Stopping Worldwide Production

Data Breaches

Taxpayer ID Numbers of 120 Million Brazilians Exposed Online

Published

4 years ago

on

Taxpayer ID Numbers of 120 Million Brazilians Exposed Online

Taxpayer identification numbers for 120 million Brazilian citizens have been exposed due to a misconfigured server. These tax identification numbers are called “Cadastro de Pessoas Físicas (CPFs)”, and function similarly to a Social Security Number in the US, a National Insurance number in the UK, or a number of other equivalents worldwide. A Brazilian national would need a CPF number in order to open a bank account, create a business, pay taxes or get a loan. Having these numbers exposed could lead to fraud, and generally, put the number’s owner at risk.

Research by InfoArmor, a cybersecurity provider, revealed that an Apache web server discovered in March 2018, was configured incorrectly and its data was exposed. InfoArmor opened one of the archives on the server and found CPFs and other personal information about individuals.

InfoArmor stated:

“Each exposed CFP linked to an individual’s banks, loans, repayments, credit and debit history, voting history, full name, emails, residential addresses, phone numbers, date of birth, family contacts, employment, voting registration numbers, contract numbers, and contract amounts.”

After discovering the exposed data, InfoArmor started an investigation to determine the owner of the database.

“In the days following the initial discovery, InfoArmor’s research team attempted to determine who owned the server so they could be notified. During this time, InfoArmor observed that one of the files, an 82 GB file, had been replaced by a raw .sql file 25 GB in size, though its filename remained the same.”

It is thought that the directory was being used as a backup database, without realizing that it is available to view by the public.

It is not yet known whether anyone has discovered this before InfoArmor, for example, criminals who may want to use the information for malicious goals.

It is highly concerning that this was allowed to happen since the exposure could have been easily prevented by making sure a file named index.html was located in the folder.

Related Topics:

Experienced British technology journalist and online reporter

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *