Electronic payment systems have grown rapidly in recent years, pushing physical currency into the background and tying payments ever more closely to digital infrastructure. As a result, the number of scams targeting banking companies has been increasing. On November 4th, it was PagSeguro's turn to suffer a so-called registration hijacking, with reports indicating that around 1 million subscribers had their data made available on cyber forums as samples.
The information was confirmed by posts from the hacker ShinyHunters, who claimed to have stolen information from WireCard, a company linked to PagSeguro.
In a statement, MOIP, the controlling company of WireCard, confirmed the unauthorized access and informed users in order to uphold the company's principles. However, the PagBank system stated that the theft has no relation to PagSeguro data.
In research carried out between 2016 and 2021, the company reported around 7 million customers in Brazil, 1/7 of whom were victims of the recent scam and had their sensitive data shared. According to the LGPD, sensitive data is: “[…]data relating to health or sexual life, genetic or biometric data, when linked to a natural person”.
Furthermore, the security organization explained that the exposed records contain password hashes produced with SHA1, Argon2 and BCrypt with factor 10, which appear next to the emails of those affected, indicating the exposure of the customers' passwords.
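For teams auditing their own credential stores after an incident like this, the following added example (not code from the source article or from any company named here) classifies stored password-hash strings into the three schemes mentioned above and tallies which entries need upgrading. The sample rows are constructed, and the bcrypt cost threshold of 12 and the action labels are assumed policy values.

```python
import re

# Stored-hash formats for the three schemes named in the article.
BCRYPT = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
ARGON2 = re.compile(r"^\$(argon2(?:id|i|d))\$v=\d+\$m=(\d+),t=(\d+),p=(\d+)"
                    r"\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$")
SHA1_HEX = re.compile(r"^[0-9a-fA-F]{40}$")

MIN_BCRYPT_COST = 12  # assumed policy value, not taken from the article


def classify(stored):
    """Return (scheme, params, action) for one stored password-hash string."""
    m = BCRYPT.match(stored)
    if m:
        cost = int(m.group(1))
        action = "ok" if cost >= MIN_BCRYPT_COST else "rehash-on-login"
        return "bcrypt", {"cost": cost}, action
    m = ARGON2.match(stored)
    if m:
        params = {"variant": m.group(1), "m_kib": int(m.group(2)),
                  "t": int(m.group(3)), "p": int(m.group(4))}
        return "argon2", params, "ok"
    if SHA1_HEX.match(stored):
        # A bare 40-hex digest carries no embedded salt or work factor.
        return "sha1", {}, "migrate"
    return "unknown", {}, "review"


def audit(records):
    """Count recommended actions over (email, stored_hash) pairs."""
    summary = {}
    for _email, stored in records:
        action = classify(stored)[2]
        summary[action] = summary.get(action, 0) + 1
    return summary


# Constructed sample rows; hash bodies are placeholders of the right shape.
SAMPLE = [
    ("a@example.com", "$2b$10$" + "A" * 53),
    ("b@example.com", "$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHQ$" + "B" * 43),
    ("c@example.com", "da39a3ee5e6b4b0d3255bfef95601890afd80709"),  # SHA1 of empty input
    ("d@example.com", "not-a-hash"),
]

if __name__ == "__main__":
    for email, stored in SAMPLE:
        print(email, classify(stored))
    print(audit(SAMPLE))
```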
This event highlights a dichotomy in the modern world: while technology increasingly serves social needs, privacy must be taken into account when developing new products and services that are placed on the market, to avoid the side effect that companies have faced with the theft of their customers' data.
Source: https://www.cisoadvisor.com.br/moip-comunica-vazamento-de-dados-de-clientes/
By: Leonardo Neri; Fernanda Lobato and Fabiana Porta