Bitdefender Blog

Passwords, e-mail addresses and usernames of 14 Brazilian public servants were stolen and dumped on the internet by a hacker group as high-profile hacking campaigns continue to inspire smaller, local attacks.

The credentials of the employees of the Centro de Atendimento ao Cidadão, which assists citizens in areas including bureaucracy and legal matters, were stolen by the Sophia Hacker Group, most likely after hacking into the MySQL Database of the public organization. The theft also included the MD5 password hashes.

The hacker group, operating under the motto 'Separated we are a big headache, but together... a true legend!' (Separados somos uma grande dor de cabeca, mas juntos... uma verdadeira lenda!), publicly disclosed the sensitive data via social networking and content sharing platforms.

“As media and law enforcement authorities focus on the current `stars' in the hacking industry such as Anonymous and LulzSec, more and more small groups or individuals are assuming similar roles in medium and small communities,” said Catalin Cosoi, Head of Bitdefender Online Threats Lab. “This type of action is to some extent derived from the larger political agenda of major hacktivists, but fueled by the discontent of its local agents, which also explains its effervescence.”

According to another content sharing platform, Sophia Hacker Group is also responsible for the recent 'special defacement' of Web sites belonging to other public institutions, such as the Military Police of the northeastern State of Sergipe or the Municipality of Itambaracá, with a population of a few thousand people in Brazil’s south.

The incident follows a significant credentials leak in Brazil earlier this week, when a lone hacker apparently breached the database of an e-commerce site and revealed more than 1,500 customer credentials.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.