The personal information of more than 243 million Brazilians was potentially accessible for at least six months thanks to weakly encoded credentials kept in the source code of the Brazilian Ministry of Health’s website (via ZDNet). The security issue was first reported by Brazilian publication Estadão.
The personal data of anyone who had registered with Sistema Único de Saúde (SUS), Brazil’s national health system, could be viewed. That data included people’s full names, addresses, and telephone numbers, reported Estadão. The database also includes records of living and dead people as the population of Brazil was more than 211 million in 2019, according to The World Bank, which is about 32 million fewer people than the reported number of records that were potentially accessible.
The Ministry of Health’s website stored the encoded access credentials to the database of personal information in its source code, reports Estadão. However, the