A database of 8 million Brazilians was put up for sale for US$320 (about R$1,720 at the current price) in a forum frequented by hackers. Among the leaked information are phone number, work address, proof of residence, profile information and Facebook photos.

As reported by the digital consulting company HarpiaTech to Tilt, the data is true and integrates a global leak of 990 million Facebook profiles, collected through flaws detected in the social network. The breach allowed the collection of information such as name, telephone, gender, marital status, place of work and date of last activity on the profile.

The consultant’s partner, Filipe Soares, says that the company carried out an analysis with 50 profiles, comparing Facebook photos with WhatsApp photos of the leaked number, and it was found that they were of the same person. The asking price by the hacker – who had Mark Zuckerberg in his profile picture – was $40 (about R$215) for information on each million profiles, which had to be paid in bitcoins.

The company stated that it will deliver a report with the information collected to the ANPD (National Data Protection Authority), the Federal Police and the Public Ministry of the Federal District.

data security
The data is part of a global leak of 990 million Facebook profiles, collected through flaws detected in the social network (Source: Pexels)Source: Pexels


The crossing of data leaked on the internet increases the possibilities for criminals. According to Soares, if someone were to correlate information from a Facebook profile with data leaked in January, such as CPF and address, a criminal could open an account in a digital bank using a selfie available on the social network to validate the registration, for example. It would also be possible to request the emergency withdrawal of the FGTS or the practice of phishing.

For Soares, some precautions can be taken to reduce the chances of possible fraud: redouble attention to avoid cases of phishing, activate two-step authentication on all platforms that have the function, use the Have I Been Pwned website in case of a leak by email to find out the extent of the damages and consult the Registrato, the Central Bank’s platform that gathers all accounts in financial institutions linked to a CPF, enabling the recognition of undue loans or debts.