Following the "Apache server leakage" late last year, a new error – this time in a Simple Simple Service (S3) issue – just as 250 GB of Brazilian customers' online banknotes are online.
Of the total files, 350 MB were sent to the electronic magazine. The loft and published this Monday (22). Data Group cautioned members of a team of independent Brazilian researchers specialized in identifying critical vulnerabilities in industrial applications and systems. Understand the following matter better:
Amazon server failure
Cloud storage of Amazon, Simple Storage Service (S3), is the source of the problem. An incorrect configuration would have made his access public. In this way, each user could download the files present without verification.
According to The loftThis would consist of a recurring server error and would require manual binning to block public access.
Within the total files received by the electronic magazine are a number of digitized personal documents, such as RG, CPF and CNH (National Driver's License).
Other leaks include other examples, such as credit cards, address proofs, money orders, statements, contracts, payslips, and payrolls. The profiles of affected holders are about pensioners, pensioners, military or civil servants.
Until now, a number of victims of this leak are not responsible, because the number of exposed – and unorganized – files is large.
Most influenced institution
The most affected financial institution in any case would have been Banco Pan. With a larger set of documents exposed, the company appeared in debtor debit requests discovered in & # 39; e collection, that would be captured by trading partners.
It is worth remembering that the company previously belonged to the Sílvio Santos Group, under the name PanAmericano. In May 2011, it was sold in its entirety to Banco BTG Pactual S.A., which has since controlled the organization with Caixa Participações S.A. – Caixapar.
Exposed data from other companies are also being investigated, according to the The loft. The publication soon promises more information.
Pan bank positioning
TudoCelular contact Banco Pan to get an updated position from the leaked document setup. The company press office sent a note similar to that published in the & # 39; e report The loft, which denies ownership of & # 39; s neighborhood and confirms that the registration data is collected by business partners. View it in full:
“The Bank is aware that the environment in question is not owned and that no inves- tigation was found after a careful analysis of its security systems.
When working with business partners, potential customer registration data is determined by such partners, prior to effective formalization of an operation with the Bank, which takes appropriate measures when identifying abuse of this information.
It confirms that information security is one of its priorities, in line with internationally recognized best protection practices required by regulators.
In keeping with society, it remains available to co-operate with the facts. ”
What is your assessment of internet banking leaks? Do it!