Earlier this year, the InfoArmor research team discovered an unsecured server hosting the taxpayer registry identification numbers for 120 million Brazilian nationals during routine scanning of the internet for compromised machines, representing another stunning example of relaxed cybersecurity practices putting hundreds of millions of people at risk.
In a new report, we outline our Advanced Threat Intelligence team’s process of discovering this data, the type of information that was exposed, the timeline and attempts to notify the host, and perspective on the future of this data.
It is important to note that this discovery was not of a hack or breach — the information was freely accessible to anyone who happened to be looking. That being said, this was an extensive list of highly personal and valuable information readily available on the Internet for 57 percent of Brazil’s population, and it is very likely sophisticated adversaries harvested this information. It took over a year for data stolen from Yahoo to appear for sale on the Dark Web, and data as unique as what was available in Brazil’s CPF server is likely to be traded among the most closed off and exotic data troves of the Dark Web.
Unfortunately, it is not uncommon for InfoArmor’s research team to regularly encounter leaked data in unsecured S3 buckets and misconfigured servers, publicly revealing the contents of which they are the custodian. With the mad rush to share tenant cloud services, we are seeing a tremendous amount of leaked data that is potentially 10 times greater than actual threat actor activity.
Such sensitive data being repeatedly and carelessly exposed on such a large scale is a threat to citizens in every country and a substantial boon to threat actors, hackers, and cybercriminals.
When major breaches happen, it is easy to point the finger of blame at a large organization that should “know better”. But it must be acknowledged that in most cases, large and small, we are our own worst enemy. Whether we mean to or not, disregarding basic cybersecurity practices makes the work of hackers substantially easier and, in the end, we are all affected.
InfoArmor’s team is closely monitoring for any emergence of this data and is hoping to make people aware their information could be at risk. The full report can be found here.