A hacker with access to the dark web and to details of the leak of a table containing 223 million records of Brazilian citizens told CISO Advisor that the data in this leak did not come from Serasa Experian. According to the person who sent the message, the data “does not really belong to Serasa. They come from a company connected to the government” (sic). The person said that, although he had no involvement in the incident, he had learned these details from forum conversations.
CISO Advisor published the news of this leak on January 12 under the title “223 million people, 40 million companies: data is for sale”. The leak had occurred at 2:56 am the previous day, under the title “Serasa Experian Full Service”. As a matter of caution, the newsroom decided not to publish Serasa’s name, only the information about the leak.
This database was not the only one being offered: there was also another one with 40 million corporate records.
The personal data table has 37 fields. Some are similar to those used by credit bureaus, but there are also fields named after information available in social security, as well as others associated with social networks. One of the fields is called Mosaic, the same name as a Serasa data classification product. This fact may have reinforced suspicions that the data originated in the company.
After this announcement was published on the dark web, versions of the table appeared that included “photos”, although the initial leak has no field intended for a record associated with a photo. In other words, replicas of this table are already circulating, incomplete and also containing data that does not appear in the original. This is a consequence of the activity of cybercriminals looking to sell data.
Serasa Experian’s press office sent CISO Advisor the company’s most recent statement on the matter: “There has been news in the media that a hacker is illegally offering data about Brazilian citizens on the web, some of which he claims would be related to Serasa. We are committed to protecting the privacy of consumer data that we treat extremely seriously. Our investigation to date has shown significant discrepancies between the allegations made and the data we keep in our files. We started another analysis of additional files that were made available”.
See the original post at: https://www.cisoadvisor.com.br/vazamento-nao-e-da-serasa-mas-de-uma-empresa-estatal-diz-hacker/?rand=59039