A bank with data from 8 million Brazilians went on sale for $ 320 in a forum frequented by hackers. Among the leaked information are the phone number, work address, proof of residence, profile information and Facebook photos.
According to the digital consulting company HarpiaTech to Tilt, the data are true and integrate a global leak of 990 million Facebook profiles, collected through flaws detected in the social network. The breach allowed information such as name, telephone number, sex, marital status, workplace and date of the last activity of the profile to be collected.
The consultant’s partner, Filipe Soares, says that the company did an analysis with 50 profiles, comparing Facebook photos with WhatsApp photos of the leaked number, and it was found that they were from the same person. The price asked by the hacker – who had Mark Zuckerberg in the profile picture – was $ 40 for the information for each million profiles, which should be paid in bitcoins.
The company stated that it will deliver a report with the information collected to the ANPD (National Data Protection Authority), the Federal Police and to the Public Ministry of the Federal District.
The crossing of leaked data on the internet increases the possibilities for criminals. According to Soares, if someone correlates information from a Facebook profile with the data leaked in January, such as social security number and address, a criminal could open a digital bank account using a selfie available on the social network to validate the registration, for example. It would also be possible to request the FGTS emergency withdrawal or the practice of phishing.
For Soares, some precautions can be taken to reduce the chances of possible fraud: redouble the attention to avoid cases of phishing, activate two-step authentication on all platforms that have the function, use the Have I Been Pwned website in case of leakage email to find out the extent of the damage and consult the Registrato, the Central Bank’s platform that gathers all accounts in financial institutions linked to a CPF, allowing the recognition of undue loans or debts.