FacePass data leak exposes 1.6 Million files containing sensitive Brazilian user info
Learn More
A significant data leak has been discovered at FacePass, a Brazilian identification application, exposing over 1.6 million files containing sensitive user information and company system credentials.
The Cybernews research team uncovered the leak on an exposed Amazon Web Services (AWS) S3 bucket. This incident is very concerning due to Brazil's recent nationwide initiatives to implement digital identification systems and biometric verification technology across various sectors.
The exposed data includes:
- Brazilian national identification documents
- Verification selfies
- AWS access credentials
- Users' full names
- CPF numbers (Brazilian tax identification)
- Phone numbers
The exact number of affected individuals beyond the 1.6 million exposed files is not disclosed. FacePass has addressed the security vulnerability following notification by the Cybernews research team. However, the company has not yet issued an official statement regarding the incident.
Cybercriminals could combine the stolen national ID information with verification selfies to bypass biometric verification systems, potentially compromising security measures at other services.
The exposure of FacePass's AWS credentials compounds this issue, as it could potentially allow unauthorized access to additional company systems and data.
