D2
Administrator
- Registered: 19 Feb 2025
Led by Noam Rotem, vpnMentor’s research team discovered a data breach affecting an enterprise software solution and exposing a database containing files related to a Brazilian financial company called Prisma Promotora.
A software tool was used to manage and interpret data from every aspect of the company’s operations.
Unfortunately, a cloud storage account connected to the software was left unsecured and publicly accessible by the software owner. It compromised the private information of 10,000s of people connected to Prisma Promotora, exposing them to fraud and other dangers.
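The misconfiguration described above, a bucket readable by anyone on the internet, is something a bucket owner can check for mechanically. The following script is an added example (not vpnMentor's code, and not the ERP vendor's or Prisma Promotora's configuration). It evaluates the three places an S3 bucket can be opened to the world: the Block Public Access settings, the bucket ACL, and the bucket policy, using the JSON shapes returned by `aws s3api get-public-access-block`, `get-bucket-acl` and `get-bucket-policy`. The bucket name `erp-uploads-example`, the role ARN and the sample documents are constructed for the demo; no AWS call is made, so it runs offline.

```python
"""Audit whether an S3 bucket is publicly readable.

Added example, not code from vpnMentor or the ERP vendor. The sample
configurations at the bottom are constructed and do not describe the real bucket.
"""
import json

PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# Actions that let an anonymous caller enumerate or download objects.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:get*", "s3:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def block_public_access_complete(pab: dict) -> bool:
    """True only when all four Block Public Access switches are on.
    IgnorePublicAcls and RestrictPublicBuckets neutralise public ACLs and
    policies even if they are still present on the bucket."""
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    keys = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    return all(cfg.get(k) is True for k in keys)


def acl_public_grants(acl: dict) -> list:
    """Grants to AllUsers or AuthenticatedUsers make objects readable to anyone."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_GROUPS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL grants {grant.get('Permission')} to {group}")
    return findings


def _principal_is_public(principal) -> bool:
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def policy_public_statements(policy_doc: str) -> list:
    """Allow statements whose Principal is '*' and whose Action covers reading."""
    findings = []
    for st in _as_list(json.loads(policy_doc).get("Statement", [])):
        if st.get("Effect") != "Allow" or not _principal_is_public(st.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if not actions & READ_ACTIONS:
            continue
        # A Condition (e.g. aws:SourceVpc) narrows the grant; report it, but label it.
        cond = " (conditional)" if st.get("Condition") else ""
        findings.append(f"Policy '{st.get('Sid', '<no Sid>')}' allows {sorted(actions)} to everyone{cond}")
    return findings


def audit_bucket(pab: dict, acl: dict, policy_doc: str) -> dict:
    """Combine the three checks: public only if something grants access AND
    Block Public Access does not override it."""
    findings = acl_public_grants(acl) + policy_public_statements(policy_doc)
    blocked = block_public_access_complete(pab)
    return {"public": bool(findings) and not blocked,
            "block_public_access": blocked, "findings": findings}


# --- Constructed sample configurations (hypothetical, not the real bucket) ---
OFF = {k: False for k in ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")}
LEAKY_PAB = {"PublicAccessBlockConfiguration": OFF}
HARDENED_PAB = {"PublicAccessBlockConfiguration": {k: True for k in OFF}}

OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "0123456789abcdef"}, "Permission": "FULL_CONTROL"}
LEAKY_ACL = {"Grants": [OWNER_GRANT, {"Grantee": {"Type": "Group",
             "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
HARDENED_ACL = {"Grants": [OWNER_GRANT]}

RESOURCES = ["arn:aws:s3:::erp-uploads-example", "arn:aws:s3:::erp-uploads-example/*"]
LEAKY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": RESOURCES}]})
# Hardened: only the application's role may read, and only over TLS.
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AppRoleRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/erp-app-example"},
    "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": RESOURCES,
    "Condition": {"Bool": {"aws:SecureTransport": "true"}}}]})

if __name__ == "__main__":
    for name, cfg in (("leaky", (LEAKY_PAB, LEAKY_ACL, LEAKY_POLICY)),
                      ("hardened", (HARDENED_PAB, HARDENED_ACL, HARDENED_POLICY))):
        print(name, json.dumps(audit_bucket(*cfg), indent=2))
```

To run it against a real bucket, feed it the output of `aws s3api get-public-access-block --bucket NAME`, `aws s3api get-bucket-acl --bucket NAME` and the `Policy` string from `aws s3api get-bucket-policy --bucket NAME` (the policy comes back as a JSON string inside a JSON object, which is why `policy_public_statements` takes a string). A bucket that merely lacks a public-access-block configuration returns an error from the first call and should be treated as "all switches off". Note the lesson from this case: the bucket belonged to the software vendor, not to Prisma Promotora, so the check has to be run in the vendor's account, and the data owner has no way to see the setting from its side.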
Data Breach Summary

| Item | Detail |
|---|---|
| Company responsible for the leak | Enterprise software provider |
| Data exposed | Prisma Promotora's (the data owner, not the bucket owner) |
| Headquarters | Sao Paulo, Brazil |
| Industry | Consulting and financial services |
| Size of data in gigabytes | 574 GB |
| No. of files in the S3 bucket exposing Prisma Promotora | 717,068 files |
| No. of rows in the SQL database exposing the presumed ERP software company | 10,000s |
| No. of people exposed | 10,000s |
| Date range | Mid-2020 |
| Geographical scope | Brazil |
| Types of data exposed | PII; photos; credit card details; account login credentials; audio recordings |
| Potential impact | Fraud and identity theft; scams, phishing, and malware; corporate espionage; theft; account takeover; database takeover |
| Data storage format | Misconfigured AWS S3 bucket and SQL database |
Timeline of Discovery and Owner Reaction
- Date discovered: 29th December 2020
- Date potential bucket owner contacted: 30th December 2020
- Date Amazon Contacted: 3rd January 2021
- Date Prisma Promotora Contacted: 5th January 2021
- Date of Response: –
- Date of Action: By 14th February 2021
Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.
Some affected parties deny the facts, disregard our research, or play down its impact. So we need to be thorough and make sure everything we find is correct and accurate.
In this case, our team originally discovered an unsecured Amazon Web Services (AWS) S3 bucket containing over 570 gigabytes of files and data from a mobile app.
Upon investigating the mobile app, we determined that the data belonged to an Enterprise Resource Planning (ERP) system being used by Prisma Promotora that was connected to the AWS account.
We initially contacted the company we assumed was the owner of the bucket. As they didn’t get back to us, we contacted AWS directly to notify it of the breach. AWS often notifies users of breaches and misconfigurations when we are unsuccessful in doing so.
Meanwhile, we continued investigating the S3 bucket to confirm additional details. Further research identified Prisma Promotora as the presumed sole owner of the exposed data, though not of the S3 bucket itself. We therefore also contacted the company to notify it of the breach and the risk to its customers.
The breach was closed about a month after this.
Example of Files in the S3 Bucket
The S3 bucket contained a massive number of files from a wide range of sources. While we cannot confirm the data's origin with 100% certainty, it appears to belong to Prisma Promotora, which was using the ERP software to track and manage customer data.

The files exposed huge amounts of Personally Identifiable Information (PII) for 10,000s of people. This included:
- Full names
- Email addresses
- Phone numbers
- Dates of birth (DOBs)
- Debit card information
- Brazilian CNPJ identification numbers (the federal registry number of a company or other legal entity)
- ID photos
- Home and workplace addresses
- Registration details for personal vehicles
- Police background check statuses
- Much more
~105,000 Audio and Video Files
Voice recordings and videos in Portuguese, apparently belonging to Prisma Promotora, were exposed by the bucket misconfiguration.

Numerous voice recordings outlined negotiations for a loan agreement, with the person's details and financial information explicitly stated, including their ID number and bank account number.
In another audio recording, a person working at Prisma Promotora can be heard requesting a lot of sensitive information about a customer over the phone.