All citizens of Brazil exposed through unprotected Elasticsearch instance

A significant data breach in Brazil has been discovered by security researchers, potentially jeopardizing the entire Brazilian population.

The researchers found a publicly accessible Elasticsearch instance, which is commonly used for managing, analyzing, and visualizing large data sets. This instance held over 223 million records, surpassing Brazil's current population of about 217 million. The data included sensitive personal information like:

• taxpayer numbers,
• full names,
• dates of birth,
• genders,
• CPF numbers - a unique 11-digit identifier for Brazilian taxpayers.

While this sensitive information is no longer publicly accessible, there's a high likelihood that malicious parties might have already accessed it, raising concerns about potential identity theft, fraud, and other cybercrimes.

The origin of the data leak remains unknown as it was not linked to any specific company or organization, leaving the source of the breach. But the volume of the dataset and it's content indicates a government organization - possibly tax authority or financial institution.