The Lapsus$ group, the same group that assumed responsibility for attacks on the Ministry of Health, Post and Claro, published this morning on its Telegram channel an 835MB file containing sensitive information about the president of Brazil and members of his family. These include document numbers, banking information (with details that include monetary values), kinship information and movable and immovable property.
The type of data, more and the existence of a field called “Mosaic”, makes this dump similar to a partially leaked set in early 2021, to which the author of the leak named “Serasa”, and in which there was also a field named “Mosaic”.
The file is named “bin.sql’ . It is an SQL script that contains enough material to generate a database. The message in which the group posted the file is titled “Forwarded from Alexander Pavlov” and text that reads “doxbin database leak, search
doxed for plain text pws. IP access logs and SRC code leaking soon.”
This means that the file contains passwords (pw’s) in plain text (no hash) and that there should be other leaks, containing access logs with IPs and source code, although what this is exactly is not specified. The President’s Family section is 437,257 characters long and contains sensitive and personal information about him and several other members of his family, including former spouses and children.
The file contains a plethora of data from people all over the world. Some of it may have actually been obtained from Doxbin, a document-sharing and publishing site that Wikipedia said invited users to contribute personally identifiable information (doxing or documentation) of anyone of interest to them. There is a lot of data exposed by activists. Although the site has been reported closed, much of the information attributed to the president’s family dates back to the past two years.