Comments
Goat • January 26, 2021 9:09 AM
If this rapid digitalisation continues unchecked India may well make it “so far” instead of “all time”
RMCholewa • January 26, 2021 9:13 AM
Another take. It seems that the news outlet validated the info being sold. https://epoca.globo.com/brasil/hacker-rouba-dados-de-223-milhoes-de-brasileiros-vende-na-dark-web-24851406
gus • January 26, 2021 1:27 PM
Bruce, you’re mixing two massive leaks. One was from last year, and the information wasn’t being sold online (AFAIK). The massive leak from last week is the Brazilian equivalent of the Equifax leak and someone is selling out more private information (37 more types) as a service.
David Rudling • January 26, 2021 1:30 PM
@Goat
I agree. Unless something happens to drastically alter the trajectory of global personal data digital capture and storage – and I see no sign of it – then out of a global population of 7.8 billion (as estimated at March 2020) a data breach of a paltry 243 million is unlikely to hold the record for very long.
SpaceLifeForm • January 26, 2021 5:08 PM
Stares upward…
Wow, yes, that cloud does look like a leaking pipe!
Ollie Jones • January 26, 2021 6:07 PM
Interesting. Somebody left some credentials embedded in source code. !!
Github shrieks at you if you try that now. So does Gitlab. But these guys concealed them in some base64 string.
Infosec these days is shockingly brittle.
Oscar Wilde • January 26, 2021 9:54 PM
This is peanuts. There is a criminal organization in Brazil using NSO Group’s Pegasus to infect devices for hack for hire, to incite terrorism, blackmail people, produce illegal pornography and assist in assassinations. They also have other advanced malware, like UEFI implants and even persistent implants for Kindle and Raspberry Pi. Plus face/voice recognition on every camera and microphone they can get into, in public or private places.
Brazil won’t do anything to stop them. Only the FBI, CIA and NSA can stop them.
There is also the possibility that they were engaged on the hack of Bezos’ smartphone.
If you know of any security researcher who wants to reverse engineer the exploits they are using, I am more than willing to help them.
If you want a story about how they operate, I am willing to work with you to expose them.
Freezing_in_Brazil • January 28, 2021 9:23 AM
Serasa/Experian was notified yesterday by the Sao Paulo state customer watchdog to officially present their explanation of the leak. Last Tuesday the company had said that, “upon detailed analysis carried out to this date, we conclude that Serasa/Experian is not the source of the leak. We also do not see evidence that our systems have been compromised”.
@Oscar Wilde
Unless you have credible info to support your claim, I personally don’t see the involvement of such a criminal organization. I don’t think the OrgCrime down here is mature enough to be interested in the data business or sophisticated enough to incite terrorism, blackmail people, produce illegal pornography and assist in assassinations.
But, of course, I could be wrong.
Rodolfo • January 29, 2021 12:44 PM
My question is, where did the information come from? If it wasn’t from Serasa Experian, who can have such a database? This must have been from the government itself.
RMCholewa • January 26, 2021 9:06 AM
It is curious how it is not being treated as such and so far there is not a single word from the government or other institutions responsible for investigating it. Since the leaks last year, things are getting worse and no one seems to bother. https://tecnoblog.net/405112/exclusivo-os-detalhes-do-vazamento-sobre-100-milhoes-de-veiculos-no-brasil/