Data from Brazilians are exposed and have easy access through the most widely used online tool in the world: Google. Specifically, we are talking about information such as full name, CPF, date of birth, home address, memos, internal and confidential documents opened on the websites of institutions such as the University of São Paulo (USP), Federal University of Rio de Janeiro (UFRJ), Caixa Econômica Federal, Unified Health System (SUS), Sefaz and others.
Complete unpreparedness and disregard for national digital security
The discovery was made by security researcher Pedro Antônio, known virtually as “Pedr4uz”, together with his XPSec Security team, who did not have to break into any system to find this information: everything was open and indexed on Google. This technique of searching for exposed data, flaws or vulnerabilities is known as Google Hacking.
According to Pedr4uz, in addition to the private information of members of such institutions and databases released on the internet, several of the Word, PowerPoint & PDF files internal to the mentioned institutions presented access credentials (users, emails and passwords) in plain text. This means that practically anyone could access sensitive information from the systems via Google. They were and are still there, ready to be used in invasions. “Sometimes, I found access credentials with the highest privileges, such as administrator privileges”, says the researcher.