Entire Brazilian population potentially put at risk by major data leak

News
By published

Yet another unprotected database was recently discovered

An abstract image of padlocks overlaying a digital background.
(Image credit: Shutterstock) (Image credit: Shutterstock)

Researchers from Cybernews recently discovered an unprotected database that held personal information on approximately 223 million Brazilians. 

Given that by 2021 data, Brazil has 214 million people, it could be that information on the entire population of Brazil was contained in that database.

The researchers said they discovered the database after running a query in Elasticsearch, a tool people can use to search, analyze, and visualize, large volumes of data. They couldn’t determine who the owners of the database were, but said that the cluster held people’s full names, birth dates, sex, and Cadastro de Pessoas Fisicas (CPF) numbers. The latter is a 11-digit taxpayer identifier.

Poor password hygiene

Since making the discovery, the database was locked down. However, we don’t know for how long it stayed unprotected, and if any threat actors managed to find it before the researchers. If they did, they could use the information found there in various cyberattacks and fraud campaigns, such as phishing, identity theft, or even wire fraud. “This could have resulted in financial losses, unauthorized access to personal accounts, and other severe consequences for the individuals affected,” Cybernews says.

Having an unprotected cloud database means that there is no authentication process in place, and that anyone would be able to access the file, as long as they knew where to look. This process is made even easier with Elasticsearch, a tool that simplifies the process of finding unprotected databases.

While definitely a lapse on the owner’s side, this type of leak can’t be considered a system vulnerability. Still, unprotected databases are one of the most common causes of data leaks, with billions of data entries being available to the general public at all times.

For example, in early November 2023, Chinese researchers found a database of 3.3 million orders made by the customers of a Chinese online store, between 2015 and 2020. In some cases, the entries contained shipping addresses and phone numbers, and in other cases even copies of government-issued identity cards.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
Data leak
German cloud service provider exposes entire Georgian country population - millions of personal data files leaked
Data leak
Top collectibles site leaks personal data of nearly a million users
No broadband network
Massive online data breach sees 2.7 billion records leaked - here's what we know
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
Data leak
Popular online bill paying site leaks data of thousands of users
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
More about security
Android Logo

Devious new Android malware uses a Microsoft tool to avoid being spotted
Google Chrome

Google Chrome security flaw could have let hackers spy on all your online habits
Samsung Odyssey G9 OLED gaming monitor against a cyan TechRadar deals background

Our favorite ultrawide OLED monitor just got a massive discount for the Amazon Spring Sale - get it now before it nearly doubles in price!
See more latest
Most Popular
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
Render of a new RTX 4000 Max-Q gaming laptop.
I can't say I'm surprised, but Nvidia's RTX 5090 laptop GPU has a big performance leap over its predecessor, according to early benchmarks
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Apple Music on a tablet, showing a new Listening Guide feature
Apple Music Classical just got 3 excellent perks in its biggest upgrade since launch
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound