Security researchers have identified a significant data breach in one of the major platforms in Brazil. The breach affected the CIEE One platform, which connects businesses and trainees for internships and apprenticeships. This has led to the compromise of sensitive personally identifiable information (PII) for 248,725 individuals. The CIEE One service is widely used by top financial institutions and major international corporations within Brazil.
According to the Resecurity HUNTER team, an exposed Google Cloud Storage bucket was the root cause of the compromise. The exposed cloud buckets remain very widely exploitable by threat actors due to a lack of proper protection. Threat actors target such services because they aggregate large amounts of sensitive PII collected for due diligence. This makes them very valuable targets for cybercriminals who are seeking to monetize the stolen information.
The stolen data includes ID records, contact information, medical reports, and scans of important personal documents.
The stolen data was notably offered for sale by an underground data broker who goes by the alias “888”. The profile of this data broker “888” has existed on the dark web since at least the year 2024. This actor is known to be a “straight shooter,” selling acquired databases exclusively to maintain his great reputation. He has a proven track record of significant data leaks within the underground community of cybercriminals. Resecurity characterizes “888” as a sophisticated underground data broker who is operating entirely for his own financial profit.
The stolen data can be easily monetized on the Dark Web and used for identity theft and financial fraud.
The security company Resecurity alerted the affected party about the data breach and the exposed cloud storage bucket. They also shared further intelligence about the incident with the Computer Emergency Response Team Brazil (CERT.br). The data broker “888” has previously successfully targeted corporations, including Microsoft, BMW, and others in the tech industry. This specific incident underscores the significant risks that are associated with third-party service providers and cloud storage. It highlights the ongoing challenge of securing large amounts of sensitive data aggregated by recruitment platforms.
Reference:
