CPF numbers of 120 million Brazilians were exposed on the Internet due to a server crash




Cybersecurity researchers have discovered a serious breach on a server that exposed the CPF numbers of 120 million Brazilians, more than half of the population. According to the security company InfoArmor, which detected the vulnerability in March of this year, the negligence lay in the server's security configuration itself.

The researchers determined that the security tools of Brazilian public servers were not configured correctly. As a result, any malicious actor could access the data stored on this server at any time.

The "Register of Individuals" (CPF) is required, among other things, to carry out financial transactions such as opening a bank account, purchasing real estate, opening a business, paying taxes, etc. Each exposed CPF number is therefore associated with a banking and tax history.

After a closer look at the misconfigured server, the researchers discovered that someone had changed the name of a file from "index.html" to "index.html_bkp". This name change is one of the reasons why the information was exposed. As the experts explained, anyone who knew the file name and found it could have free access to all folders and files. These files, ranging from 27 to 82 gigabytes, contained databases with CPF information.
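A defender-side check for the condition described above, as an added example that is not part of the original article: it walks a web document root and reports directories that no longer contain an index file, including renamed copies such as index.html_bkp. It assumes the server falls back to an auto-generated directory listing when no index file exists (the article does not name the server software); the index names, the size threshold and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Assumption: names the web server treats as the directory index. When none
# is present, many servers can be configured to list the directory instead.
INDEX_NAMES = {"index.html", "index.htm"}
LARGE_FILE_BYTES = 1024 ** 3  # assumed threshold for "large" files (1 GiB)


def audit_webroot(root, index_names=INDEX_NAMES, large=LARGE_FILE_BYTES):
    """Return one finding per directory under root that has no index file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if {f.lower() for f in files} & index_names:
            continue  # an index file is served instead of a listing
        # Renamed copies (index.html_bkp, ...) no longer act as the index.
        renamed = sorted(f for f in files
                         if any(f.lower().startswith(n) for n in index_names))
        big = sorted(f for f in files
                     if os.path.getsize(os.path.join(dirpath, f)) >= large)
        findings.append({"dir": os.path.relpath(dirpath, root),
                         "renamed_index": renamed,
                         "exposed_files": sorted(files),
                         "large_files": big})
    return sorted(findings, key=lambda item: item["dir"])


def build_sample_tree(base):
    """Create a constructed sample layout (not data from the incident)."""
    layout = {
        "index.html_bkp": b"<html></html>",       # renamed index file
        "dump.sql": b"x" * 2048,                  # stand-in for a database dump
        os.path.join("ok", "index.html"): b"<html></html>",
        os.path.join("data", "records.csv"): b"a,b\n",
    }
    for rel, content in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        # Low threshold so the small sample file counts as "large".
        for finding in audit_webroot(tmp, large=1024):
            print(finding)
```

Run against a real document root, each finding is a directory to review: restore the index file, disable automatic listings in the server configuration, or move the data out of the web root.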

InfoArmor attempted to contact the owner of the server to report the discovery. Although several attempts were unsuccessful, the security error has since been repaired and the information is no longer accessible.

The researchers responsible for discovering the data leak also reported that cybercriminals who collect data had likely detected the exposure. If that is the case, it is very likely that this data will be used in the future in a malicious campaign or attack against Brazil.

Daniel Cunha Barbosa, security researcher at ESET, states that if a cybercriminal has access to the CPF number "it is possible to generate fraud, such as valid registrations on behalf of a person, and, depending on the level of additional information available to the criminal, to make purchases or even to contract loans". The company recommends closely monitoring the document in order to avoid any future trouble.

