A serious data exposure may have affected around 21,000 Claro and NET employees, including technicians and outsourced workers. The records sat on a misconfigured server belonging to the company's maintenance area, in folders containing copies of identification documents and even contracts signed by service providers; the entire volume was publicly reachable and could be accessed by anyone.
The data was organized into folders, one per worker and named after that worker's individual login. Inside were copies of each person's RG (Brazilian identity card) and driver's license, CPF (taxpayer number) regularity certificates, contracts bearing the professionals' signatures, and other information such as home address and the outsourcing company that hired them.
Copies of documents and contracts signed by more than 21,000 employees were on an unprotected server, used in maintenance systems by Claro and NET (Image: Screenshot/Felipe Demartini/Canaltech)
According to systems analyst and IT consultant Francisco Cavalcante, who reported the exposure to Canaltech, the data comes from Claro's internal portals for the technical area. The image assignment terms, for example, allow photos of the professionals to appear in apps and be shown to customers during service visits.
Outside that environment, however, the same documents can be used for fraud and scams against the individuals. According to Cavalcante, the information could serve different purposes, such as issuing false charges, opening bank accounts, taking out loans and subscribing to services, including Claro's own. Even financing of vehicles and other large purchases could be obtained with such information, the expert says.
"[The server] held information on employees and outsourced workers from all over Brazil," he continues, pointing out that only the folder where the information was stored was publicly accessible; the server itself, used by the technical area's internal system, required a login and password. "With a command or a basic script it was possible to download the entire contents of the directory, with each folder holding between one and three documents," the specialist explains.
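What "a command or basic script" against an open directory amounts to, and what the defender's check for the same condition looks like, is shown in the added example below. It is not code from the report, from Cavalcante or from Claro. It recognizes a server-generated index page (Apache, nginx and Python's http.server emit a recognizable title), walks the listing without leaving the root, and counts the exposed files by type, which is the first number an incident responder needs. The host, paths and page contents are constructed for the example and are fed to the walker through an injected fetch function so it runs offline.

```python
"""Open-directory (autoindex) check: added example, not code from Canaltech or Claro."""
import os
import re
from html.parser import HTMLParser
from urllib.error import URLError
from urllib.parse import urljoin, urlparse
from urllib.request import Request, urlopen

# Markers emitted when a directory has no index file and listing is enabled:
# Apache and nginx use "Index of /...", Python's http.server "Directory listing for /...".
LISTING_MARKERS = re.compile(r"Index of /|Directory listing for /", re.I)
DOCUMENT_EXTENSIONS = {".jpg", ".jpeg", ".png", ".pdf", ".doc", ".docx"}

# Constructed sample pages (hypothetical host and paths) shaped like an Apache/nginx listing.
ROOT = "http://intranet.example/tecnico/docs/"
SAMPLE_ROOT = """<html><head><title>Index of /tecnico/docs/</title></head><body>
<h1>Index of /tecnico/docs/</h1><hr><pre>
<a href="?C=N;O=D">Name</a>
<a href="/tecnico/">Parent Directory</a>
<a href="login001/">login001/</a>        19-Aug-2021 10:12    -
<a href="login002/">login002/</a>        19-Aug-2021 10:12    -
<a href="termo_imagem.pdf">termo_imagem.pdf</a>  19-Aug-2021 10:12  1422
<a href="notas.txt">notas.txt</a>      19-Aug-2021 10:12    87
</pre><hr></body></html>"""
SAMPLE_LOGIN001 = """<html><head><title>Index of /tecnico/docs/login001/</title></head><body>
<h1>Index of /tecnico/docs/login001/</h1><hr><pre>
<a href="../">../</a>
<a href="rg_frente.jpg">rg_frente.jpg</a>   19-Aug-2021 10:12  210334
<a href="cnh.jpg">cnh.jpg</a>             19-Aug-2021 10:12  198201
<a href="contrato_assinado.pdf">contrato_assinado.pdf</a>  19-Aug-2021 10:12  88120
</pre><hr></body></html>"""
SAMPLE_LOGIN002 = """<html><head><title>Index of /tecnico/docs/login002/</title></head><body>
<h1>Index of /tecnico/docs/login002/</h1><hr><pre>
<a href="../">../</a>
<a href="termo_imagem.jpg">termo_imagem.jpg</a>  19-Aug-2021 10:12  150003
</pre><hr></body></html>"""
_PAGES = {ROOT: SAMPLE_ROOT, ROOT + "login001/": SAMPLE_LOGIN001, ROOT + "login002/": SAMPLE_LOGIN002}


def offline_fetch(url):
    """Stand-in for an HTTP GET: returns the constructed page, or None as a 404 would."""
    return _PAGES.get(url)


def http_fetch(url, timeout=10):
    """Live fetch for a server you are authorized to test; None on error or non-HTML response."""
    try:
        with urlopen(Request(url, headers={"User-Agent": "listing-check"}), timeout=timeout) as resp:
            if "text/html" not in resp.headers.get("Content-Type", ""):
                return None
            return resp.read().decode("utf-8", "replace")
    except (URLError, ValueError, OSError):
        return None


class _HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def is_directory_listing(html):
    """True when the page is a server-generated index rather than an application page."""
    return LISTING_MARKERS.search(html) is not None


def listing_entries(html):
    """Entries of a listing, minus sort links (?C=...), the ../ link and absolute URLs."""
    parser = _HrefCollector()
    parser.feed(html)
    return [h for h in parser.hrefs
            if not h.startswith("?") and h not in ("../", "..") and "://" not in h]


def crawl_listing(fetch, root, max_pages=500):
    """Depth-first walk of an open listing under root; returns {directory_url: [file_url, ...]}."""
    inventory, pending = {}, [root]
    while pending and len(inventory) < max_pages:
        current = pending.pop()
        if current in inventory:
            continue
        html = fetch(current)
        if html is None or not is_directory_listing(html):
            continue
        files = []
        for entry in listing_entries(html):
            target = urljoin(current, entry)
            if not target.startswith(root):  # drops e.g. Apache's absolute "Parent Directory" link
                continue
            (pending if target.endswith("/") else files).append(target)
        inventory[current] = files
    return inventory


def summarize(inventory):
    """Counts a responder needs first: directories, files, and document-type files exposed."""
    all_files = [f for files in inventory.values() for f in files]
    docs = [f for f in all_files
            if os.path.splitext(urlparse(f).path)[1].lower() in DOCUMENT_EXTENSIONS]
    return {"directories": len(inventory), "files": len(all_files), "document_files": len(docs)}


def run_demo():
    return summarize(crawl_listing(offline_fetch, ROOT))


if __name__ == "__main__":
    print(run_demo())  # {'directories': 3, 'files': 6, 'document_files': 5}
```

Swapping `http_fetch` for `offline_fetch` runs the same walk against a server you are authorized to test. On the server side the quick fix is to turn listing off (`autoindex off;` in nginx, `Options -Indexes` in Apache), but that only hides the index: files with guessable names, such as one folder per login, stay downloadable, so the directory has to sit behind the same authentication as the rest of the portal.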
Folders identified by logins of Claro and NET workers had one to three documents, exposing employees of the company’s technical area to fraud and scams (Image: Screenshot/Felipe Demartini/Canaltech)
While some directories contained digital copies of identification documents, others also held proof of CPF regularity; only the image assignment term appeared to be present in every folder. Cavalcante also stresses that handling such information without proper safeguards is commonplace among employees, with screenshots, even of internal systems, being routinely shared.
Even so, he says, it is hard to determine exactly how far this data spread from such a vulnerable environment. "There is no way to be sure whether the data was exposed to more people, mainly malicious individuals, since it was on a simple, open page, without any code or scripts to count hits," he adds.
Signature and address records filled in by hand by Claro and NET employees; server has been closed, but there is no information about third party access (Image: Screenshot/Felipe Demartini/Canaltech)
It is also impossible to know how long the information was publicly available. Canaltech received the report on August 19 and informed Claro the following day; the server was found to be closed six days later, at which point the documents that had been downloaded as samples were also deleted by Canaltech. The operator's statement in full:
Claro informs that it became aware of the complaint and that measures are being taken to investigate it. Among the actions, the immediate disabling of the address in question. We emphasize that it is Claro’s policy to protect its infrastructure, in accordance with good practices, in order to prevent unauthorized access.
Attention to misuse
Individuals are advised to stay alert and monitor for misuse of their personal data. Cavalcante suggests, for example, using Registrato, a Central Bank tool that lets citizens review accounts, debts and other financial transactions held in their name, which can help identify fraud.
"At the slightest sign or warning of an unrecognized debt, it is necessary to act quickly so that the victim suffers no greater harm, contesting [the charge] immediately and consulting a lawyer," the analyst concludes. He also cites credit analysis services such as Serasa and Boa Vista as ways to monitor for misuse of the information.
Those potentially affected should also be wary of phone calls, e-mails or messages claiming to come from companies, including Claro or NET themselves. Avoid filling out registration forms, handing over personal or banking details, clicking links or downloading software unless you are absolutely sure the contact is genuine. When in doubt, use the official support channels.