Password Mismanagement Leads to the Leak of 243 Million Health Records

Another stunning security incident has exposed the personal information and health records of nearly a quarter of a billion Brazilians. The leak was reported by a Brazilian publication in early December 2020.

The full names, telephone numbers and addresses of 243 million Brazilian citizens were exposed after the password needed to access the information was forgotten and left inside the public-facing source code of a website. The discrepancy between the country's current population of around 210 million and the huge number of records exposed is due to the fact that the records included a lot of entries for people who have passed away over the years.

The staggering security mistake actually left the password completely open for public viewing. According to the report published by ZDNet, the login credentials to the database containing the health records were stored in base64 format and the base64 strings were exposed to anyone who would press the "view source" button in their browser.

The fact that the strings were encoded with base64 is little consolation: base64 is an encoding, not encryption, and is trivially decoded, even with free online tools.
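A pre-publication check can catch this class of mistake by decoding every base64-looking string in a page's source and flagging the ones that turn out to be readable credentials. The sketch below is an added example, not code from the report or from the affected site; the function names, keyword list, length threshold and sample page are all constructed assumptions.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to hold a short secret (assumed threshold).
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{12,}={0,2}")
# Identifier names suggesting the nearby value is a credential (assumed list).
HINTS = re.compile(r"pass|pwd|secret|token|auth|cred|login|user", re.I)


def decode_printable(token):
    """Return decoded text if token is valid base64 for printable ASCII, else None."""
    if len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None  # binary payloads (images, fonts) are not reported


def scan_source(source, context=40):
    """Return (line_no, token, reason) for base64 strings that look like credentials."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for m in B64_TOKEN.finditer(line):
            text = decode_printable(m.group())
            if text is None:
                continue
            before = line[max(0, m.start() - context):m.start()]
            if HINTS.search(before):
                findings.append((line_no, m.group(), "credential-like name nearby"))
            elif re.fullmatch(r"[^:\s]+:[^:\s]+", text):
                findings.append((line_no, m.group(), "decodes to user:password form"))
    return findings


# Constructed sample page; the values are placeholders, not data from the incident.
SAMPLE_HTML = """<html><head><script>
var apiUser = "ZXhhbXBsZS11c2Vy";
var apiPass = "ZXhhbXBsZS1wYXNzd29yZA==";
var basic = "ZGVtbzpkZW1vLXNlY3JldA==";
var logo = "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJ";
</script></head><body>Portal</body></html>"""

for line_no, token, reason in scan_source(SAMPLE_HTML):
    print(f"line {line_no}: {token[:8]}... ({reason})")
```

Run against build output in CI, a check like this fails the release when a secret has been shipped to the browser; the durable fix is to keep credentials on the server and never send them to the client at all.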

The Brazilian government claimed that while there was significant potential exposure of information, there was no hard evidence that the information was illegally accessed by bad actors.

What makes matters worse is that the password mishap happened due to the poor handling of the database and website by a third-party company. This only serves to highlight how important the third-party vendor selection process is and how easy it is for a huge government organization to suffer a potential massive security accident simply because it did not choose a reliable private partner.

The data that was exposed could easily be used for a number of malicious purposes, from credential stuffing to impersonation and fraud. Sadly, as with all data leaks, there is nothing you can do to protect yourself from a company or organization poorly handling the information you submitted to them.

December 23, 2020