27 November 2020

Personal data of 16M Brazilian COVID-19 patients exposed due to a password leak


Personal data of 16M Brazilian COVID-19 patients exposed due to a password leak

A password leak exposed personal information of 16 million Brazilians who underwent tests for COVID-19, according to newspaper O Estado de S.Paolo. The exposed records included such information as individual taxpayer IDs, addresses, telephone numbers, and pre-existing medical conditions.

As per the newspaper, among the people affected by the breach are President of the Republic Jair Bolsonaro, ministers of the federal government and 17 state governors, including Minister of Health Eduardo Pazuello.

The leak was not the result of a cyber attack, but was caused by an employee of the Albert Einstein Hospital in the city of Sao Paolowho had free access to the Ministry of Health’s databases - E-SUS-VE and Sivep-Gripe that are used to store data on COVID-19 patients. The employee uploaded on his personal GitHub account a spreadsheet with usernames, passwords, and access keys to sensitive government systems to test a new implementation model, but then forgot to remove the file from the public page.

The spreadsheet was ultimately removed from GitHub, and government officials changed passwords and revoked access keys to ensure the systems are protected.

Back to the list

Latest Posts

Hackers impersonate WHO, DHL, and vaccine makers to spread malware

Hackers impersonate WHO, DHL, and vaccine makers to spread malware

The attacks target users in organizations located in the United States, Canada, Austria, and Germany.
18 January 2021
EMA: Hackers leaked modified COVID-19 vaccine documents to undermine trust in vaccines

EMA: Hackers leaked modified COVID-19 vaccine documents to undermine trust in vaccines

EMA said that COVID-19 vaccine documents stolen from its servers in a recent cyber attack have been manipulated.
18 January 2021
Joker’s Stash, the largest carding marketplace, will shut down next month

Joker’s Stash, the largest carding marketplace, will shut down next month

The Joker’s Stash operators said that all the data will be wiped out from their servers after February 15th, 2021.
18 January 2021