Cybersecurity: Major Leak Exposes Millions of Records

One of the largest data breaches in recent history exposed personal information of approximately 340 million people in at least 27 countries. The breach, discovered by independent cybersecurity researchers and later confirmed by data protection regulatory authorities in Europe and the United States, involved a marketing data aggregator that collected and resold consumer profile information to digital advertisers.

What Was Exposed and How It Happened

The compromised data includes full name, email address, phone number, home address, online purchase history, and behavioral profile information of hundreds of millions of people. The breach occurred through a combination of factors: a misconfigured cloud storage bucket with no authentication, and an API key with excessive permissions that allowed read access to all records.

The database was publicly accessible for at least 47 days before being discovered. During that period, automated scanning tools had already indexed and possibly copied the data. Researchers found evidence that at least three known threat groups accessed the material, with indications of use for phishing campaigns and financial fraud attempts.

Regulatory Response and What Users Should Do

Brazil's ANPD opened an administrative proceeding to verify whether Brazilian citizens were affected and whether the data controller complied with the notification obligations set forth in the LGPD. In Europe, the GDPR provides for fines of up to 4% of global revenue for infractions of this nature. For users, the immediate recommendations are: enable two-factor authentication on all relevant accounts, monitor financial activity, and be wary of emails or calls using personal information in unusual ways — a clear sign that the data is already being used by malicious actors.