The Fui Vazado service, which allows you to know which of your data is in the leak of 223 million CPFs, is down this Friday (5). This week, the STF (Supreme Federal Court) determined that the Federal Police should take measures to block it from the internet, in addition to listening to the person responsible for the website. Procon-SP, in turn, requested the opening of a police inquiry.
The page still loads, but displays the “Error 1020” access denied message. According to the CloudFlare website protection service, this means that a client or browser has been blocked by firewall rules. However, this block seems to be broad: Fui Vazado does not display the query form in any browser, regardless of the operator used.
Last week, developer Allan Fernando explained to Tecnoblog because he developed Fui Vazado: “I made the site because I think everyone has the right to know if their data was leaked”. It was necessary to insert CPF and date of birth to find out if other information was being sold in online forums, such as ID, voter registration, address and income information. The site did not store the query history and had only indications of what data was leaked, not the data itself.
Searched today by Tecnoblog, Allan did not answer.
In turn, the security company Syhunt allowed to check if companies were the target of another mega leak with 40 million CNPJs. “Due to the surprising demand for this type of report and order overload, we had to suspend the service indefinitely,” she says in a statement.
In addition, Syhunt clarifies that “it did not provide consultation on CPFs at any time because it is outside the company’s area of activity, which only focuses on information security and data privacy in the corporate segment”.
STF requires links to be taken offline
Last Wednesday (3), Minister Alexandre de Moraes of the STF determined that the PF open an investigation to investigate the data leak, the details of which were revealed exclusively by the Tecnoblog. He was motivated by a report from Estadão, which revealed the sale of personal information by President Jair Bolsonaro and court ministers.
“The commercialization of private and confidential information and data of members of this Court directly affects the privacy, privacy and personal security of its members,” says Moraes in an order.
He asks that four links be blocked:
- o I was leaked;
- a forum topic, now deleted, in which 37 categories of data were sold, including address, telephone, face photo, credit score, income and others;
- another topic on the same forum, still on the air, which points to the base with 223 million CPFs, name, date of birth and gender;
- the download page for this file with 223 million CPFs, which was taken down a few weeks ago.
Moraes still orders that “Google, Yahoo, Ask, Bing and others similar” remove references to the links above, which did not happen. He also wants search engines to block access to private data from STF ministers and other authorities.
Procon-SP asks for police investigation to be opened
On Thursday (4), Procon-SP asked the Civil Police to open a police investigation into the activities of the Fui Vazado website.
“The website itself, which identifies its developer as Allan Fernando, informs that it has access to more than 223,739,215 CPFs and 40,183,784 CNPJs contained in lists illegally made available on the internet, but it does not justify by which means it had access to personal data that were leaked ”, says the entity in a statement.
Last week, Procon had already asked the Cyber Crimes Division to open an investigation into the CPFs overflow. In addition, Serasa Experian was notified to clarify the case; it claims that it is not the source of the data.