Another leak involving information from Brazilians was recently discovered. The digital security company vpnMentor reports on its website that records of more than 10,000 people, including photos of documents such as the RG, have been exposed on the internet. The database is linked to a financial services company called Prisma Promotora.
The problem does not appear to have been caused by Prisma’s carelessness, however. vpnMentor claims to have found, at the end of 2020, a volume with 574 GB of data stored without proper protection on Amazon Web Services (AWS) that appears to be related to an application.
An analysis of the app showed that the data is controlled by an ERP (business management) company whose name has not been revealed. Everything indicates that Prisma Promotora is a client of this ERP platform, which in turn stores service data on AWS.
The amount of data exposed is impressive: more than 717 thousand files. Most of them, 608 thousand files, correspond to photos of credit or debit cards, driver’s licenses (CNH), RGs and proof of registration status at the Federal Revenue, for example.
More than 2,000 Excel spreadsheets were also exposed with various types of information, including full names, telephone numbers, addresses, vehicle data, bank account numbers, among others. There are also spreadsheets with data on Prisma employees.
About 105 thousand audio and video files are part of the volume. Much of this total consists of recordings of loan negotiations.
As if that were not enough, vpnMentor also found a backup of an SQL database with more than 500 thousand files, again with a great diversity of personal information.
To make matters worse, the company claims to have found several applications in APK format (the installation file format for Android) that, once installed, gave access to the login page of the ERP system. With that access, vpnMentor analysts were able to view the SQL database and its contents.
How the leak was discovered
According to vpnMentor, the 574 GB of data in question was found through a web mapping project run by the company that aims to identify unprotected databases.
Using specific tools, analysts scan the internet and then check the seemingly vulnerable databases for data leaks.
You don’t have to be a security expert to understand the severity of this leak. With such a variety of data and even digital copies of documents, criminals who gain access to the files can use the information to obtain fraudulent financing or contact the victims to run scams, just to give a few examples.
vpnMentor also warns of the possibility that the login data could compromise the ERP system used by Prisma Promotora or that the leaked data could be used in criminal actions against the company.
Fortunately, there is, so far, no record that the data was used or accessed by criminals. In any case, the database is no longer vulnerable.
Initially, vpnMentor contacted the company that is apparently responsible for the AWS account. As there was no response, Amazon was alerted – the company often notifies customers of database breaches or misconfigured accounts. Prisma Promotora was also notified by vpnMentor.
It worked out. Although it was not clear which party took action, vpnMentor reports that, on February 14, it found that the data was already protected.
Tecnoblog tried to contact Prisma Promotora, initially by phone, but we were unsuccessful. An email was sent to the company afterwards. This post will be updated if we get feedback.