In the last week, data from 223 million Brazilians were leaked. Among the information exposed are telephone, email, CPF, address, IRPF and much more. As a result, several platforms were created with the aim of helping the user, checking which personal data were leaked. One of them was the FuiVazado! Website, which in a simple and quick way, allows the person to see what data is exposed on the internet.
However, the initiative has raised suspicions from some users. To understand the degree of security and how the system works, the TecMundo sought out the developer and creator of FuiVazado, Allan Fernando, to ask questions about the platform.
At first, many doubts were raised about the leaks. One of them was the strangeness with the relation of inhabitants in Brazil and the number of leaked data. Today, the country has 207,660,929 inhabitants, according to an estimate by the Brazilian Institute of Geography and Statistics (IBGE), and approximately 223 million people had their data leaked. The difference occurred because the released database also included deceased people.
One of the main concerns of people when entering the site, was the need to, in addition to the CPF, enter their date of birth. To TecMundo, Allan affirms that the search in the system is done by the CPF, but the date of birth is used to validate if it really is the person who is consulting. “This can be seen on the website. If you enter the wrong date of birth, the platform will not show the detailed information, it just warns you that you had leaked data,” he explains.
The developer says that he did not make any registration system on the platform – that is, there is no resource that saves or stores data on the people who consulted the site. “I can’t even say how many people have already consulted on FuiVazado, because I only have the data generated by CloundFlare”.
According to a report published by Tilt last Friday (5), a breach was detected in the header of the website’s website. The error allows hackers to copy the personal data of those who searched the platform. According to experts interviewed by the vehicle, the biggest problem is that the page does not offer protection for the entry of information, since it does not have encryption capable of shuffling the data.
“FuiVazado!” allows the person to see what data is exposed on the internet (Source: Disclosure)Source: Disclosure
TecMundo spoke with the lawyer specialized in Computer Law, Rofis Elias Filho. He states that there is no illegality on the part of the FuiVazado website, since no registration data is being used, sold or exposed. “The tool only says whether the data was leaked or not. There is no way to opt in or opt out in this case “, says Rofis
The TecMundo team checked the page code available on GitHub and confirmed that there are no signs that the site is able to collect information from the people who consulted their CPFs. On the other hand, it is impossible to be 100% sure, as the site code may not be different from that available on GitHub.
Still, it is important to note that if the code was not changed by the developer in its version on the air, the consequences of the leak could be even worse. That’s because it would run the risk of revealing the information that was used to query the cloud where leaked data is. That way, anyone would have the chance to gain access to the data even easier. Today, in order to have access to this base, the Internet user needs to search dark forums and download a huge download.