Sky Brasil, one of Brazil’s largest internet service providers (ISP) has exposed private information on all 32 million of its users. This leak was discovered by Brazilian independent researcher Fabio Castro. The information was stolen via an improperly configured ElastiSearch search engine that Sky Brasil had been maintaining online at two IP addresses. The search engine for Sky Brasil users data was accessible via two IP addresses without password protection.
In total, Sky Brasil leaked 28.7GB of users log files and a whopping 429.1GB of API data. The leaked data includes private, identifiable information that could be used by hackers to blackmail or impersonate victims. This is Brazil’s biggest exposure of private data but is not the worst that the internet has seen this year. Castro explained the gravity of the exposed data to Bleeping Computer:
“The data the server stored was Full name, e-mail, password, pay-TV package data (Sky Brazil), client ip addresses, personal addresses, payment methods. Among other information the model of the device, serial numbers of the device that is in the customer’s home, and also the log files of the whole platform.”
If Sky Brasil customers had been using Private Internet Access, their exposed IP address would not be linked to their internet history. This would allow them to maintain their privacy even in the event that their internet service provider gives up their information.
Privacy in Brazil has never been more precarious
Brazilian ISPs do not have the best track record when it comes to privacy, as evidenced by yearly reports on their practices. This latest exposure of 32 million Brazilians private internet logs and IP addresses is a cherry on top that should remind internet users everywhere, but especially in Brazil, that things are precarious. There is also talk of new cyber laws coming into play that may shake things up further for Brazilians. This recent incident just highlights the need for Brazilians to take internet privacy into their own hands.