More than 395 thousand Pix keys were leaked, from an incident that occurred at the State Bank from Sergipe (Banese).

In a statement released on Thursday night (20), Banese reported that its technical team detected “inappropriate queries” to data related to 395.000 Pix keys of people who are not bank customers. These consultations, according to the bank, took place from the access of two bank accounts of the institution’s account holders.

The access of the two accounts of Banese’s clients, according to the institution, was probably obtained through social engineering and phishing scams, in which criminals make victims share personal information without them realizing it. The bank has already revoked access to both accounts, as a preventive measure.

Want to catch up on the best tech news of the day? Go and subscribe to our new channel on youtube, Canaltech News. Every day a summary of the main news in the tech world for you! The institution’s statement also explains that the improper queries were carried out in the Transactional Account Identifier Directory (DICT), bank data managed by the Central Bank (BC) which is accessed whenever transactions via Pix are initiated. Finally, Banese informed that it is working with the Central Bank to investigate the leak. The institution also commented that it is starting the process of implementing security mechanisms to prevent similar cases from happening again. The BC, in a separate statement, stated that people who had their keys leaked will be notified by the bank’s application in which the affected credential is registered; and also confirmed that sensitive data such as passwords and bank balances were not leaked. The BC also warned that neither the monetary authority nor other institutions will contact customers by any other means of communication, such as messaging, phone, SMS or e-mail applications. The note from the country’s monetary authority also states that it will apply the sanctions provided for by the Pix regulation to those responsible for the incident. Pix Security2020

Banese key leakage is the first Pix data security incident involving a problem originating from financial institutions since the platform was created in November 2020.

The incident takes place shortly after the Central Bank adopted measures to increase the security of Pix amid the constant occurrence of crimes and pressure from public bodies for improvements in the protection of the service.

From October 4th, transfers via Pix occurred from 009h to 6h, or that is, at night, they will have a limit of R$1.. The Central Bank will also allow institutions holding accounts of users of the service to carry out preventive blocking of resources for up to 2020 hours, in cases of suspected fraud .

Source: O Globo, Terra