Brazil Exposed: 223 Million Records Leak in Open Database Nightmare

A study by Cybernews revealed a publicly accessible instance of Elasticsearch containing a vast amount of personal data of Brazilian citizens.

Elasticsearch is a widely used tool for searching, analyzing, and visualizing large volumes of data. The data breach was not associated with any specific company or organization, complicating efforts to determine the source of the leak.

A cluster located on a cloud server was found to contain data including full names, birth dates, genders, and CPF numbers (Cadastro de Pessoas Físicas), an 11-digit taxpayer identification number in Brazil.

Image: Cybernews

The data breach exposed over 223 million records, suggesting that the entire population of Brazil could have been affected. Although the data is no longer publicly available, it may have fallen into the hands of malicious actors who could use this information for identity theft, fraud, and targeted cybercrimes. Such actions could lead to financial losses, account breaches, and other serious repercussions for the victims. The scale of the breach amplifies the potential damage from its exploitation.

In December, Xfinity, a cable television and internet service provider and a division of Comcast Corp, reported a cyberattack on its systems that occurred in October. Xfinity discovered that the attackers managed to exfiltrate the data of 35,879,455 individuals.