Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach
Resecurity has uncovered a massive data breach in Brazil's CIEE One platform, compromising the sensitive information of over 248,725 individuals. The breached data was later sold by underground data broker "888" on the dark web, highlighting the ongoing threat of cybercrime in the country.
The Breach: A Personalized Recruitment and Selection Service
CIEE One is a personalized recruitment and selection service offered by CIEE Centro de Integração Empresa-Escola (Business-School Integration Center) for companies seeking candidates for internships and apprenticeship programs. The platform connects specialists and businesses, ranging from major international corporations to local entities in Brazil.
The affected companies include top financial institutions such as Bradesco, Caixa, Claro, BRF, and many others. CIEE One claims to connect talent with the largest companies in Brazil, making it a valuable platform for recruitment processes. However, this also makes it an attractive target for cybercriminals looking to exploit sensitive personally identifiable information (PII).
The Anatomy of the Breach
According to Resecurity's analysis, the exposed Google Cloud Storage bucket was the root cause of the compromise. This vulnerability allowed threat actors to access the breached data, which included ID records, contact information, medical reports, scans of documents, and other sensitive information.
The Role of Underground Data Broker "888"
Notably, the stolen data was sold by underground data broker "888" on the dark web. This actor has been active since at least 2024, targeting corporations in various industries, including tech, freight, and oil & gas. "888" is known for selling acquired databases exclusively due to his great reputation and proven track record of leaks within the underground community.
Resecurity characterizes "888" as a sophisticated underground data broker operating for profit (financially motivated), targeting public-facing services and applications. His activities overlap with those of notable actors, such as IntelBroker, who was recently indicted by the FBI for monetizing stolen data on the Dark Web belonging to various corporations and government agencies.
The Statistics Behind the Breach
According to expert statistics, 41% of cloud breaches are caused by misconfigurations, with exposed buckets being a leading contributor. This highlights the need for improved security measures and configuration hardening in cloud services.
Conclusion
The CIEE One data breach serves as a reminder of the ongoing threat of cybercrime in Brazil. The exposure of sensitive PII and documents poses significant risks to individuals and organizations alike. It is essential for companies to prioritize security measures, such as configuration hardening and vulnerability assessments, to prevent similar breaches in the future.