Data leak in Correios exposes data of thousands of users

You It turns out that Correios has detected a vulnerability and eventually inappropriate access to systems. from the company. While not providing a specific amount, About 5% of the millions of users of the Meu Correios app may have leaked mobile phone numbers linked to CPF.

The company reported last Monday (20) customers were advised to change the app password. While only preventative, action can prevent other leaks.

Correios said, “As soon as the situation was detected while accessing the platform via the website, it was reported to the National Data Protection Authority (ANPD) and new security measures were taken to ensure the confidentiality of personal data in the application in question.”

The company maintains that platforms such as Portal Correios, Tracking, CEP Search, Agency Search, Pre-Submission and others, even with unauthorized access they were not lifted from the air and continued to operate normally.

“In this way, Correios reaffirms its commitment to guaranteeing the reliability and information security of its digital channels to promote the best experience for customers and national and international e-commerce,” says a quote from the Correios official. Web site.

Warning to Brazilians

The number of cyber security problems has increased in the country. The Correios case is the second most notorious for involving agencies that provide public services in just the past two months. At the end of December, SPTrans, the company that manages public transport in the city of São Paulo, announced that it had been hit by a cyberattack that exposed data on 13 million records.

If we look at the last few years, the number of cases multiplies. In a very symbolic story, an event occurred that is considered one of the biggest leaks in Brazilian history. In it, the company PSafe announced that the confidential data of 223 million Brazilians had been leaked.

In this sense, institutions such as the Ministry of Health, the Supreme Court of Justice (STJ), the Federal Supreme Court (STF) and the federal government also experienced digital security problems.

Daniel Markuson, digital privacy expert at NordVPN, warns about this scenario: Brazilians should be even more vigilant. Even when there are gaps in companies, the right user behavior can reduce the likelihood of online privacy issues.

“What is often lacking is the attention of the user, who must take care of their online information. Brazil has solutions that help protect digital security, it’s up to Brazilians to protect themselves,” argued Markuson.

For example, although Brazilians fear that their financial information will be stolen, the expert said, almost half store their banking login information on multiple devices, which is considered too risky.

“It may seem inappropriate to enter your credit card information when you buy something online, but it’s the right thing to do. The internet is not a safe place and you should not entrust your information to third parties,” he explains.

What do criminals do with leaked data?

Cybercriminals can “party” with people’s personal information. In addition to selling data, they may try to implement a wide variety of scams. Markuson lists possibilities such as: doxing (a type of virtual harassment), cloning of phone numbers and using the name of the victim or their relatives and relatives.

“People become traceable by accepting cookies, using public Wi-Fi, and even having a smartwatch. And these are just a few of the many ways out,” says the NordVPN representative.

Earlier this month, Technology World reported an attempted coup, which was most likely only possible thanks to leaks. A journalist received a call from a man who pretended to be an Itaú bank employee. He almost believed the scammer, as he knew all the bank transactions.

At the time, the expert consulted by the report mentioned that an internal agent might be responsible for disclosing the information.

With this kind of sensitive information, scammers add other data like CPF, full name, maternal name, date of birth and everything else that makes the blow a little easier. After all, how can you not trust a person who knows everything about you?

What does the post office report?

In a note sent Technology World, Correios offered more details on the case. According to the state-owned company, the Meus Correios app has “millions of saved profiles”, but the leak affected “about 5% of users”.

“The information is given to the competent authority ANPD. In addition, as part of the protocol established by the Federal Government to public administration bodies, CTIR.GOV [Centro de Prevenção, Tratamento e Resposta a Incidentes Cibernéticos de Governo] also informed, which qualifies as a referral to the Federal Police,” reports a quote from the state-owned company.

Regarding passwords, the company made the following statement: had no impact on people’s access. But as a form of prevention, the exchange of login keys has been suggested.

“The company continues to invest continuously in cybersecurity and has invested more than BRL 80 million in cybersecurity and personal data protection for this,” they said.