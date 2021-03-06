RIO AND BRASÍLIA – Mega leaks of personal data will not be stopped. Now, more than 10 million email passwords from Brazilian Internet users have been exposed in the wake of the leak of 3.28 billion passwords worldwide, which occurred last month.

Estado DS. According to a study by Sihund, a Brazilian cybersecurity company that expects the Palo newspaper, among these millions of leaked passwords (all emails containing the “.br” domain) are thousands – more than 68,000 – of government agencies such as the National Congress and the Supreme Court. Petropras is also a victim, with more than 8,800 passwords exposed.

– The file containing more than 3 billion global passwords was fully released on the same online forum where more than 223 million Brazilian CPFs were leaked in January, but this is another leak – he explained to founder and security GLOBO Felipe Daragon. Expert at Sihand who has been in the business since 2003.

He continues:

– Our survey only indicated 10 million passwords found in emails ending in “.br”. If you take into account webmails such as Gmail with the “.com” domain, the number of leaks is five times higher. Worldwide, 26 million domains are affected.

For the public sector, only 68,500 passwords were found in emails ending in “.gov.br”. The emails with “jus.br” used by the judge, including the SDF, contained a total of 4,500 leaked passwords (with 98 “stf.jus.br”), and more than 200 leaked passwords in the “camara.leg.br” domain. “Camara.gov.br” counted more than 900 revealed passwords. In turn, the “senado.gov.br” domain provided 547 of them. Petropras also entered the dance, with more than 8,800 passwords linked to the company leaked.

Hackers have already compiled passwords in 2017, but the current one is more than twice as high as the previous photo: Pixabe / Agensia O Globo’s image of Tumisu

– It is important to note that the passwords found are not login passwords in government agencies, but passwords used by employees to access various services such as personal emails and other services – Targone explains.

He concludes:

– Many of them are old passwords. But this can also be a concern because hackers end up accessing a person’s password history, and many use the same passwords for different purposes or when updating them, add a star or two. For example, someone who lists anime names (Japanese cartoons) in the password and adds more when changing it gives a clue as to what will be next for the hacker.

Password leakage, comp (combination of multiple holes, in English abbreviation; the word “comb” means “comb”), size of 100 gigabytes (where 100 thousand 1MB photos fit).

With 3.2 billion passwords, it has more than doubled the number of passwords leaked by hackers from the previous set, which, as of 2017, leaked 1.4 billion of them.

Virtual life increases risk

Dragon believes the number of leaks is increasing because the home office and people are doing everything online. Everyone has more to do with setting aside other care than focusing on infections.

– With Govt’s ubiquitous and enriched virtual life, hackers seem to have felt a sense of impunity, and are showing themselves more and more. Passwords are posted on a forum on the web, not on the dark web – says the expert.

According to him, this information was released directly, not for sale, which happened in January, when the digital criminal put up for sale more than 77 million emails from users.

To try not to leak this kind of data, broker explains that people need to re-create passwords.

– It is necessary to break your own password creation system and avoid as much as possible the use of elements that can provide clues to hackers – he warns.

‘Old information’ says SDF

The Press Office of the Supreme Court (SDF) released a note stating that out of the more than 68,000 passwords leaked from the public administration, 98 are court sites.

According to the text, SDF’s Cyber ​​Security section provides access to the entire content and confirms that “this is a collection of old information from users who used enterprise email to register on services and websites.” Therefore, there would have been no invasion of the court system.

According to the note, in October last year, the court panel accessed corporate accounts, including leaked data, which spread in the dark web. “In light of this, the SDF User Service is already contacting users of relevant emails to update access credentials,” the text states.

The press office of Senator Rodrigo Pacheco (DEM-MG) denied that there were any leaks from the Gaza network. He said there was no damage to data or systems. “Evidence of disclosed access has not been compromised. These are old incidents that have already been dealt with and are being monitored, ”a note from the Senate said.

The press office of the Chamber of Deputies, which was questioned by GLOBO, said it would not comment.

Petropras has not yet returned until this article is published.