Data protection specialists report that an unidentified threat actor is auctioning off a database with records of more than 90 million Brazilian citizens on dark web forums. The bidder states that each registration is unique and 100% real, making it possible to make a detailed profile of some of the people affected for malicious purposes.
It is possible to participate in this auction
through various clandestine web markets that can only be accessed by being
invited by one of the current members or by paying a fee.
The specialized platform BleepingComputer
had access to some of the posts on one of these clandestine forums, where it
was proven firsthand that the database being auctioned by the criminal(s) has
16 GB of information and is on SQL format. The initial offer is $15,000 and
each new offer must increase at least a thousand dollars, data protection
experts report.
The seller (self-named X4Crow) specifies that
the records are organized by province and include personal details such as:
- Full names
- Birth dates
- Taxpayer identification keys (known in Brazil as Cadastro de Pessoas Físicaos), among other details
After obtaining a small sample of the database
and comparing it to the Brazilian Federal Revenue website, BleepingComputer
determined that the information actually belongs to Brazilian citizens.
The seller of this information has not
disclosed its source, although according to the data protection experts, the
details included in each record suggest that it is a database of the Brazilian
government. Although the seller claims that the database includes more than 93
million unique records, experts consider this to be almost impossible, as these
records must belong to the economically active population in Brazil, which
according to the government today around 90 million, so it is highly likely
that the database does include duplicate records.
X4Crow’s offering also includes a search
service focused on the population of Brazil; on the auction site, the threat
actor mentions that, by entering a small piece of data (such as full name,
taxpayer identification key, etc.), it is possible to obtain relevant
information about the inhabitants of Brazil.
So far it is unknown how this user gained access to this database or if
they have already received any offers.
Data protection experts from the International Institute of Cyber Security (IICS) mention that although there are no known records of previous activity linked to X4Crow, it is likely that whoever is behind this alias is not new to the business.” This hacker or hacker group has demonstrated ability to carry out various tactics typical of such incidents, such as presence in different dark web forums. In another of these forums, X4Crow also claims to have capabilities to offer other kinds of services, such as penetration testing, programming, and advice on malware-related topics.
