Brazil's health agency has suffered what is arguably the worst data-exposure in world history, losing 243m+ records in a country of 211m people (the excess represents dead peoples' records).

For more than six months, the HTML for the website for the Sistema Único de Saúde included the login and password to access the database as an administrator; the credentials were obscured through Base 64 encoding, a trivially detected measure that is just as easy to bypass.


It was the second grave security error at SUS in less than a month (last month, a SUS techie posted a spreadsheet with the system's database keys, logins and passwords to Github, exposing 16m records).

Another leak exposed records in the country's covid tracing data.

The exposed records include the most highly sensitive information: names, dates of birth, full health records, addresses and phone numbers.



Included in the breach are many officials, including the Brazilian dictator Jair Bolsonaro and his junta.

The insecure systems were built by an IT contractor called Zello (formerly MBI Mobi), which has billed the Brazilian state $8.5m since 2017.

The vulnerabilities were discovered by the NGO Open Knowledge Brasil, who sounded the alarm. The breach puts every Brazilian at risk of identity theft and many other forms of cyberattack.


· · Web · 1 · 1 · 1


𝗬𝗼𝘂 𝗮𝗿𝗲 𝗹𝘆𝗶𝗻𝗴. 𝗕𝗼𝗹𝘀𝗼𝗻𝗮𝗿𝗼 𝗶𝘀 𝗻𝗼𝘁 𝗮 𝗱𝗶𝗰𝘁𝗮𝘁𝗼𝗿 𝘀𝗲𝗿𝘃𝗶𝗻𝗴 𝗮𝗻𝘆 𝗷𝘂𝗻𝘁𝗮.

Sign in to participate in the conversation
La Quadrature du Net - Mastodon - Media Fédéré est une serveur Mastodon francophone, géré par La Quadrature du Net.