NEW DELHI: A data breach has compromised the personal information of nearly 250,000 Brazilian citizens through the CIEE (Centro de Integração Empresa-Escola) recruitment platform, cybersecurity company Resecurity announced this week. The incident exposes the vulnerabilities in cloud storage systems and highlights the growing threat to personal data in Brazil’s digital economy.
Dark Web Actor “888” Publishes Stolen Records
On July 1, 2025, a threat actor operating under the alias “888” published over 248,725 records containing sensitive personally identifiable information (PII) stolen from CIEE’s database. The breach targeted ONE CIEE, a personalized recruitment and selection service that connects job seekers with companies offering internships and apprenticeship programs throughout Brazil.
The service operates as a critical bridge between educational institutions and the business sector, serving major financial institutions, popular online platforms, energy companies, oil and gas providers, telecommunications firms, and technology companies across the country.
Profile of the Cybercriminal
Resecurity’s investigation reveals that “888” maintains a credible reputation within Dark Web communities, particularly for conducting large-scale data breaches. The actor has operated since at least 2024, successfully targeting major corporations including Microsoft and BMW (Hong Kong), with previous attacks spanning the technology, freight, and oil and gas industries.
The cybercriminal’s profile shows similarities to other notable actors such as IntelBroker, whom the FBI recently indicted for monetizing stolen data from various corporations and government agencies. Resecurity characterizes “888” as a sophisticated underground data broker operating for financial gain, specifically targeting public-facing services and applications.
Read Full Report: Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach
Validation of Stolen Data
Resecurity confirmed the authenticity of the leaked data after conducting extensive verification processes. The cybersecurity firm contacted multiple victims identified among the affected individuals and received confirmation that they were registered users of the CIEE platform. The actor shared sample records containing personal data of Brazilian citizens as proof of the breach but did not clarify the exact method of data exfiltration.
Cloud Storage Vulnerability Discovered
After conducting several hours of extensive research, Resecurity’s threat hunters identified the likely point of compromise through exposed cloud buckets. The investigation revealed a misconfigured Google Cloud Storage bucket (ciee-storage.storage.googleapis.com) belonging to CIEE that remained publicly accessible without authentication.
This configuration error exposed sensitive business and user data to the public Internet, representing a critical security vulnerability that cybercriminals increasingly exploit. The widespread adoption of cloud services, combined with frequent misconfigurations, makes this attack vector particularly attractive to threat actors.
2 Million Personal Records Exposed in Massive Data Leak, Reveals Shocking Resecurity Report
Scope of the Data Exposure
The exposed bucket contained over 364,000 files totaling approximately 28 GB in size, far exceeding the initial scope suggested by the Dark Web listing. The comprehensive data included:
Personal Documents and Media:
- 281,912 profile pictures in JPEG/PNG format
- Approximately 8,000 job application videos in MP4/MOV format
- Around 40,000 curriculum vitae documents in PDF/JPEG format
Sensitive Personal Records:
- 285 CSV files containing approximately 300,000 candidate records each
- Personal data including full names, postal codes, neighborhoods, cities, states, email addresses, phone numbers, disability status, CPF numbers, registration dates, ages, personality assessments, educational background, employment status, and work experience
Medical and Internal Documents:
- 2,838 medical reports in PDF format containing private medical evaluations
- 264 Excel documents with internal tracking sheets, analytics, candidate lists, and operational data
Critical Privacy and Security Implications
The breach carries severe implications for affected individuals and the broader Brazilian digital ecosystem. The exposure of CPF numbers (Cadastro de Pessoas Físicas), Brazil’s individual taxpayer identification system, creates significant risks for identity theft and financial fraud.
Privacy Concerns: The massive PII exposure affects thousands of individuals whose personally identifiable information became publicly accessible. This sensitive information can be used for future fraudulent activities, including identity theft and impersonation schemes. The inclusion of medical reports adds another layer of privacy violation that victims cannot easily remediate.
Security Risks: The breach extends beyond simple data exposure to include sensitive health data disclosure, potential credential leakage through configuration files, and reconnaissance support for adversaries planning future attacks. The combination of personal data with actual documents and medical information makes this breach particularly damaging and challenging to mitigate.
Business Impact: The incident potentially violates Brazil’s Lei Geral de Proteção de Dados (LGPD) and international data protection laws. Organizations face reputational harm as users lose trust in the platform’s ability to safeguard their information, along with significant financial liabilities from potential fines, penalties, and mitigation costs.
Regulatory Response and Compliance Issues
On July 2, 2025, Resecurity notified CERT.br about the vulnerability and shared actionable intelligence about the identified security flaw. The incident highlights the critical importance of LGPD compliance in Brazil’s evolving cybersecurity landscape.
Under LGPD regulations, failure to comply with data protection standards can result in administrative sanctions by Brazil’s data protection authority (ANPD), including fines of up to 2% of a company’s revenue in Brazil, capped at R$50 million per infraction. These penalties reflect the serious nature of personal data protection in Brazil’s digital economy.
Ongoing Threat and Mitigation Efforts
As of July 2, 2025, the security issue had not been fully contained, allowing the threat actor to continue collecting exposed PII. Resecurity acquired the exposed records and shared them with Brazil’s data protection authority to inform victims about the risks to their privacy.
The cybersecurity firm also integrated the acquired records into their Digital Identity Protection platform to alert businesses and consumers about the risk of data leaks. This proactive approach helps organizations identify potential threats before they can cause substantial damage.
Industry-Wide Implications
This incident underscores the critical need for vigilant security monitoring, proactive access management, and comprehensive cloud security governance across Brazil’s technology sector. Cloud bucket exposure has become one of the most persistent and damaging attack vectors for cybercriminals, driven by the combination of frequent misconfigurations, ease of discovery, and the high value of data stored in cloud systems.
Cybercriminals utilize automated tools to scan for publicly accessible buckets, enabling them to identify and exploit misconfigurations at scale. This trend continues to accelerate as cloud adoption increases without corresponding improvements in security configuration practices.
Expert Recommendations
Resecurity recommends that organizations conduct regular Vulnerability Assessment and Penetration Testing (VAPT) and perform ongoing cyber threat intelligence (CTI) gathering to detect potential targeting by cybercriminals at early stages. These proactive measures help prevent data breaches before they can cause substantial damage to both organizations and individuals.
The cybersecurity firm emphasizes that vulnerabilities leading to personal data leakage can result in significant regulatory penalties under LGPD. This makes compliance not only a legal obligation but also a critical cybersecurity concern for organizations operating in Brazil’s digital economy.
Moving Forward
As Brazil continues to strengthen its position as a regional technology leader, incidents like the CIEE breach highlight the importance of robust cybersecurity practices and regulatory compliance. The combination of sophisticated threat actors, cloud infrastructure vulnerabilities, and valuable personal data creates a challenging environment that requires continuous vigilance and improvement.
Organizations must prioritize secure configuration, regular security audits, and robust access controls to mitigate the risk of cloud bucket exposure. The scale and sensitivity of the exposed data in this incident require thorough post-incident reviews and ongoing improvements to infrastructure management to prevent recurrence.
This breach serves as a stark reminder that even well-established organizations serving major corporations and financial institutions remain vulnerable to basic configuration errors that can expose massive amounts of sensitive personal information. The incident demonstrates that cybersecurity requires constant attention to both technological solutions and proper implementation practices.
By delivering cutting-edge threat intelligence and compliance automation, cybersecurity firms like Resecurity play a crucial role in helping organizations meet LGPD standards and build a safer, more trusted digital future for individuals, companies, and the public sector in Brazil.