A new data leak on the internet may have exposed more than 102 million mobile phone accounts this month, according to dfndr entreprise, PSafe’s corporate data protection solution. According to the cybersecurity company, among the leaked information are the name of the telephone line subscriber and the cell phone number, including that of President Jair Bolsonaro. The information was initially released on the website NeoFeed.
CISO Advisor found that the leak data is compatible with the structure of a CRM (customer relationship management). In a sample that is circulating on the dark web with 2,394,927 records, two fields indicate the name of a contact management product that can be used in contact centers. The file that circulates is in JSON standard, used for data exchange, and may have been obtained through an API exposed on the web.
According to PSafe, the data had been available for purchase on the dark web since February 3 of this year and included information such as CPF, cell phone number, type of telephone bill, minutes spent on calls and other personal data. The databases verified by the dfndr enteprise were on sale for 0.026 bitcoins each, the equivalent of just over R $ 6,200.
The company confirms that data from President Jair Bolsonaro was included in the leak, with information such as cell phone number, phone bill value, minutes spent per day, CPF and date of birth.
The accounts are believed to belong to users of the operators Claro and Vivo. The hacker claims to have information on 57.2 million Vivo phone accounts and 45.6 million Claro accounts.
However, PSafe CEO Marco DeMello urges caution about any foregone conclusion. “We cannot take as evidence the allegations of a cybercriminal. The authorities have already been notified, we have a close relationship with the ANPD. We are available to collaborate in the investigations that lead to the identification of those responsible. ”
To verify the veracity of the information detected by the dfndr enterprise, the PSafe team contacted the criminal and requested a sample of the database offered for sale. “Obviously we do not agree with the sale of sensitive information and we would never buy an illegal database. The sample that the criminal made available to us for temporary access contained information that we were able to verify. Our role in this operation is very clear: to identify, ascertain and alert. We now have mechanisms that no other company has to detect data leaks ”, concludes DeMello.
This is the second major data leak in Brazil in February. At the beginning of the month, the leak of data with personal information of more than 223 million Brazilians on dark web forums was made public. The data were separated by CPF number, accompanied by information from vehicles registered in Brazil.
See the original post at: https://www.cisoadvisor.com.br/vazamento-expoe-dados-mais-de-102-milhoes-de-usuarios-de-celulares/?rand=59039
