Giant leak exposes data from almost all Brazilians

Leonard Manson reports:

On Tuesday morning (19), the dfndr lab, PSafe’s cybersecurity laboratory, reported a huge leak in a Brazilian database that may have exposed the CPF number and other confidential information of millions of people.

According to the experts, who use artificial intelligence techniques to identify malicious links and fake news, the leaked data contains detailed information on 104 million vehicles and about 40 million companies, potentially vulnerable to 220 million people.

The information contained in the compromised database includes the name, date of birth and CPF of almost all Brazilians, including authorities.

Read more on Somag.

This is a bit of a “hold my beer” moment for researchers who have quietly been finding and muttering over massive databases with Brazilians’ personal and medical information for more than a year now. Many leaked databases are now in the hands of individuals or firms who have not publicized their finds but have amassed detailed information on Brazilian citizenry.  When asked one Brazilian security researcher last year whether citizens would be concerned to know about leaks involving their CPF (which is their national taxpayer registration number), the researcher’s answer was basically, “No, we have bigger problems than that to worry about.”

About the author: Dissent

14 comments to “Giant leak exposes data from almost all Brazilians”

You can leave a reply or Trackback this post.
  1. Gir - January 22, 2021

    Is it confirmed by another source?

    • Dissent - January 22, 2021 started to investigate it. Serasa Experian told them that they do not think the data came from Serasa Experian. That said, the data do appear to be valid/real data from somewhere. Some of the data in there matches data from other leaks (like national registration number, etc).

  2. Natalia Poklayova - January 22, 2021

    I have a data protection service called, and it reported to me that this data DID NOT come from Serasa. It came from a data provider that provides services for Serasa but has a completely different approach. They are a third party service.
    Kzarka’s didn’t recommend me to change my passwords on affected websites. Instead, tey are working to remove their clients data from the original deep web source file, on AtlanticMarket.

    • Dissent - January 22, 2021

      The data are already on a lot of people’s hard drives and are still being given away freely on clearnet web sites/forums. Getting the data removed from the original leak site is nice, but doesn’t really solve the problems. But thank you for the update. Much appreciated!

    • Rodolfo C - January 25, 2021

      And what is the name of the data provider?

    • Juliana - January 27, 2021

      Even though it didn’t directly come from them, they are going to be held accountable for the data breach by both public authorities and the general public – to date, national consumer protection service (Senacon) already issued a request for investigation and for impact assessment. They have 15 days to answer

      Anyway, damage is already done for both Serasa and the consumers – now the only thing Serasa can do is try to exonerate themselves to not be fined.

    • Void - January 28, 2021

      AtlanticMarket?? Sorry

      • Dissent - January 28, 2021

        Yeah, I wondered about that, too. Never heard of any such market.

  3. eu - January 23, 2021

    and where is the link that I ran all over the internet and didn’t find?

    • Dissent - January 23, 2021

      My policy is not to link to data dumps. That would be a bit inconsistent with efforts to protect data. 🙂

  4. Krahausten - January 23, 2021

    where it locate to check if it true?

    • Dissent - January 23, 2021

      Felipe Ventura of checked a few people and found valid/real data for them.

  5. Bozo - January 29, 2021

    Seems the data leak comes from insiding on ANPD who started to build a centralized national database on 2018.

    • Dissent - January 29, 2021

      Why do you think it’s them? Is there anything specific in the data or formatting/fields to support your guess?

Comments are closed.