Threat actors claim to have compromised sensitive data from the Brazilian Ministry of Finance. The alleged breach, which reportedly stems from an unsecured Amazon Web Services (AWS) bucket, has exposed critical financial information about thousands of businesses.
According to FalconFeeds, the hacker is offering a 26 GB dataset for sale on underground forums. The cache allegedly contains 67,358 federal tax invoice files, impacting more than 60,000 businesses across Brazil.
The compromised data includes highly sensitive details such as business owners’ names, tax identification numbers, financial balances owed, and other confidential financial records.
“This leak is an insecure AWS bucket containing Brazilian federal tax invoices for 60K+ businesses. The invoices are for the year 2018 but most of the data/PII is still valid and this had not previously been leaked. Data on the invoices includes business owner names, phone numbers, federal tax IDs, balance owed, addresses, and more,” threat actors posted.
The alleged breach highlights a significant vulnerability in data storage practices. Cloud services like AWS offer scalability and flexibility for institutions handling large volumes of information, but inadequate security configurations can lead to disastrous consequences. In this instance, an improperly secured AWS bucket appears to have been the entry point for the threat actor.
The leak could have serious ramifications for the country. Although the data is from 2018, it is quite sensitive. Threat actors also claim that most of the data is still valid and, as such, could be used for financial fraud, identity theft, and other malicious activities. It could also fuel phishing scams, leading to more serious offences.
In October 2024, researchers discovered a ransomware strain exploiting AWS infrastructure to target Windows and macOS. In September, a vulnerability dubbed CloudImposer in a Google Cloud Platform (GCP) orchestration tool exposed users to remote code execution (RCE) attacks.
In July, security researchers uncovered a ConfusedFunction flaw in Google Cloud that allows attackers to access sensitive data and other services.