The personal information of more than 243 million Brazilians was potentially accessible for at least six months because of weakly encoded credentials stored in the source code of the Brazilian Ministry of Health's website (via ZDNet). The security issue was first reported by Brazilian publication Estadão.
The personal data of anyone who had registered with Sistema Único de Saúde (SUS), Brazil's national health system, could be viewed. That data included people's full names, addresses, and phone numbers, reported Estadão. The database also includes records of living and dead people, as the population of Brazil was more than 211 million in 2019, according to The World Bank, which is about 32 million fewer people than the reported number of records that were potentially accessible.
The Ministry of Health's website stored the encoded access credentials to the database of personal information in its source code, reports Estadão. However, the login and password were encoded using Base64, a method that can be easily decoded. Given that you can look at any website's source code with a keyboard shortcut or by accessing it in a menu, potentially anyone could have found these encoded credentials and, if they were savvy enough, decoded them to then access the personal records of Brazilians.
Health records can be quite valuable on the black market given the amount of personal information they typically include. If a bad actor knew of this vulnerability, it's very possible they could have taken this data to use for their own nefarious purposes or to sell later. The Ministry of Health has corrected the problem, according to Estadão.
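A check a site owner could run over client-delivered source before deployment, to catch the kind of Base64-encoded login and password described above. This is an added example, not code from the Ministry's site or from the reporting; the sample page source, variable names and keyword list are constructed for illustration.

```python
import base64
import binascii
import re

# Runs of the Base64 alphabet long enough to hold a short secret, with optional padding.
B64_RUN = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{12,}={0,2}(?![A-Za-z0-9+/=])")
# Names near the literal that suggest a credential (assumed keyword list, extend as needed).
HINT = re.compile(r"pass|pwd|senha|secret|token|auth|login|user|cred", re.I)

def decode_printable(candidate):
    """Return decoded text if candidate is valid Base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(candidate, validate=True)
    except (binascii.Error, ValueError):
        return None  # wrong length, bad padding or characters outside the alphabet
    if not raw or any(b < 0x20 or b > 0x7E for b in raw):
        return None  # binary output: most likely an ordinary identifier, not text
    return raw.decode("ascii")

def scan_source(text):
    """Return (line_no, reason, masked_literal) for likely Base64-encoded credentials."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in B64_RUN.finditer(line):
            decoded = decode_printable(match.group())
            if decoded is None:
                continue
            if re.fullmatch(r"[^:\s]+:[^\s]+", decoded):
                reason = "decodes to user:password form"
            elif HINT.search(line):
                reason = "decodes to text next to a credential-like name"
            else:
                continue
            # Report only a prefix so the scanner's own output does not leak the secret.
            findings.append((line_no, reason, match.group()[:4] + "..."))
    return findings

# Constructed sample page source; every name and value here is invented for this example.
SAMPLE = """<script>
var apiUrl = "/api/registro";
var authHeader = "Basic ZGVtb191c2VyOmRlbW9fcGFzcw==";
var senha = "ZXhhbXBsZVBhc3N3b3Jk";
var logoClass = "headerLogoLarge";
</script>"""

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(finding)
```

A hit means the credential has to be rotated and moved server-side; swapping Base64 for a different encoding leaves it just as readable to anyone who views the page source.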