Saturday, June 15, 2024

120 Million Unique Taxpayer ID Numbers Exposed Online From Misconfigured Servers

120 Million Unique CPF of Brazilian citizens exposed online form a misconfigured Apache server. The highly personal information is openly available for everyone.

The exposed data contains sensitive information that linked CPF includes banks, loans, repayments, credit and debit history, voting history, full name, emails, residential addresses, phone numbers, date of birth, family contacts, employment, voting registration numbers, contract numbers, and contract amounts.

The publically available misconfigured servers are discovered by InfoArmor Threat Intelligence team back in March of 2018 and in April 2018 InfoArmor contacted the Email address registered with one of the hosts of the SQL server.

Researchers also found a swap with the files, “an 82 GB file, had been replaced by a raw .sql file 25 GB in size, though its filename remained the same. This swap suggests a human intervened.”

The exposed archive contains file sizes ranges from 27M to 82 gigabytes. Also, the index file has been renamed from “index.html” to “index.html_bkp,” which makes the file’s to be accessible publically.

120 million

By the end of the month, the server has been fixed and all the data has been secured and it functional with the website with an authenticated website alibabaconsultas.com, reads the blog post.

“With the mad rush to share tenant cloud services, we are seeing a tremendous amount of leaked data that is potentially 10 times greater than actual threat actor activity,” says Christian Lees, chief intelligence officer at InfoArmor.

“It is safe to assume that any intelligence organization or cybercrime group with reasonable collection capabilities and expertise will have captured this data. This data could very likely be used against the population of Brazil, the nation of Brazil, or any nations hosting people who have a CFP”, reads the report.

Related Read

66 Million Users Personal Data Exposed From Unprotected MongoDB Database

Hackers Stolen 500 Million Guests Personal Information From Starwood Hotels Guest Reservation Database

Website

Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles