Confidential information of more than 243 million Brazilians was available to receive all those who wanted due to poorly encoded credentials, which were stored in the original code of the official website of the Brazilian Ministry of Health. As a result of the security incident, unauthorized access to medical records of living and deceased residents has become possible.
For six months, each wishes could view the personal data of each user registered in the National Health System of Brazil Sistema único de Saúde (SUS). Data leak revealed:
- the full name of the person;
- address of residence;
- telephone number;
- All Medical Card.
It is noted that about 32 million records belong to the deceased residents of the country. The fusion data is relevant for 2019.
Authorization credentials were encoded using BASE24 encoding, which can be easily decoded. Almost everyone who wished to view the source code of the official website of the Brazil Ministry of Health and database credentials by clicking on the F12 or on the "View source code" button in the context menu.
Confidential medical records are highly appreciated in Darknet, because they are usually stored a large number of confidential information. Hackers can use such data to blackmail patients and health workers due to the delicate nature of stolen information.
Left-defined medical records subjected millions of Brazil residents with the risk of financial fraud, capturing accounts on various services, theft of money and personal data. Malefactors part use personal human data to create fake profiles in order to commit different cybercriminals.
Ilya Krochenko, the head of ImmuniWeb, commented on the news: "Such leaks occur due to the fact that organizations are hired to develop the safety systems of the most low-paid specialists. Usually, the development of software and security systems is transmitted to the outsourcing cheap suppliers, as a result of which the Customer receives a low-quality code with an appropriate security level. Cybercriminals are well aware of this, so they are not difficult to get all the necessary confidential information from such sites. "
More interesting material on cisoclub.ru. Subscribe to us: Facebook | Vk | Twitter | Instagram | Telegram | Zen | Messenger | Icq new | YouTube | Pulse.