Personal data of 15,000 partner-fans, advisers and former players were exposed on the internet and, supposedly, were already being used by cybercriminals for possible phishing scams. The data were exposed by the Mais Vasco slate, winner in the club’s presidential election with candidate Jorge Salgado. The votes were collected via the internet.
A virtually complete meal for cybercriminals
An anonymous source revealed to the TecMundo that the documents were open and accessible to anyone. In total, 14,818 people are classified as “Great Benefactors”, “Benefactors”, “Emerites”, “Remidos”, “Benefactors Remidos”, “Champions”, “Proprietário Diamante”, “Proprietário Ouro”, “Proprietário Bronze” and “Assets”.
The revealed data involve full name, individual registration number (CPF), date of birth, social category, registration and admission.
Silence in the field
O TecMundo sought contact with the plate More Vasco through all available contacts and, unfortunately, did not receive any response until the afternoon of this Wednesday (09) – attempts to contact have been happening since last Thursday, the 3rd.
The disclosure of this leak will not explain in detail how the data was found, since Mais Vasco has not yet solved the problem.
Data like this, exposed and compiled in this way, is more dangerous than it looks. In fact, they are a complete meal for cybercriminals.
Phishing and social engineering scams are much easier to carry out with this information in hand. When knowing that an individual is associated with a sports club and which social class belongs, it opens the possibility for scams that involve sending false messages (more credible, given the information snapped up) to obtain more data or even bank details.
Be wary of SMS, emails and messages on WhatsApp
To protect yourself from these scams, prefer official channels of any service, be proactive. Be careful with your personal data: never enter your full name, CPF, PIS / PASEP or any other personal data on websites, profiles on social networks or any other electronic means. If in doubt it is better to stop the process than to hand your information over to unknown sites. Be wary of SMS, emails and messages on WhatsApp.