The dfndr lab, a research laboratory for security of PSafe, identified on Tuesday (19) a leak in a database that exposed personal information 220 million people - practically the entire population of Brazil. Authorities are among those affected.

According to the company, full names, dates of birth, CPF, as well as data of 104 million vehicles and 40 million companies.


In a statement, PSafe did not provide the name of the company responsible for the leaked database. O Olhar Digital he sought the press office to obtain this information, but we had no answer until the closing of this article.

image of a hacker stealing data from one computer to another
Leaks of personal data are occasionally the result of phishing attacks, where hackers obtain information to commit crimes. Image: MicroOne / Shutterstock

According to Emilio Simoni, director of the dfndr lab, data of this type can be obtained by cybercriminals for scams. Phishing - in which a hacker convinces you to accredit your information on a fake page, for example.

“Once the cybercriminal has the person's CPF and other real data,” says Simoni, “it would be easy to go through a legitimate service and use social engineering to obtain more critical data from the victim, which could be used to borrow, password banking and service contracting ”.

Leaked data

In addition to the data of Brazilian citizens, information on 104 million cars is also in the database. They include chassis number, license plate, municipality, color, make, model, year of manufacture, engine capacity and even the type of fuel used.

image of a hacker leaking data
Leaked information includes data from authorities and companies, a full plate for hackers to sell on the dark web. Image: Sergey Nivens / Shutterstock

In the corporate environment, 40 million companies had data exposed, including CNPJ, corporate name, trade name and date of foundation.

“Cybercriminals make part of the bases available to prove the veracity of the information obtained and try in some way to profit from these incidents, selling more in-depth data such as e-mails, phones, purchasing power and occupation data of the people affected,” said Simoni.

The expert points out that transactions of this type usually occur in the Dark web, where tracking such actors is much more complicated.

According to PSafe, it is not yet known how the information was leaked. The company did not say whether it was a security breach, attempted intrusion or easy access. Recently, similar problems have affected the Detran and the Spotify.

Street: PSafe