Brazilian IT Firm Tivit Suffers from 2nd Round of Data Leaks

On December 12th 2018, in what would become my second most read article of all time, Rogue Media Labs featured a report covering the hack of Tivit, a Brazilian-based IT solutions and network storage provider. At the time, Defcon Labs, the original publisher behind the leaks, had reported that “the data seem to be internal process documentation of the company itself,” adding that it was “uncertain whether they were the product of an offensive action or published involuntarily by misunderstanding.” However, a later report published by ZDNet on December 14th went on to reveal that, according to Tivit representatives, “nine members of staff had suffered a phishing attack through an email that contained a malicious link” – thus allowing the hackers to gain access to company computers/servers to steal the data.

Today the company suffered from its second round of leaks, featuring new information not included in the December 12th leak. In a posting to Pastebin earlier this morning, unknown hackers allegedly posted access to 30 GB worth of data tied to password files and email archives of 10 Latin-American companies: Bradesco, CEF, Votorantim Energia, TecnicaZurick, Faber, Banco Original, CIP, Klabin and Acominas.

** EDITOR'S NOTE: The 9 additional downloads posted through mega.nz have already been taken down in the +3 hours since the leaks were posted online, but all data hosted through AnonFiles is still live/active. **

Additionally, in statements to Rogue Media Labs, Aline Rodrigues, a corporate spokesperson representing TIVIT, wanted my readers to know that:

Translated from Portuguese:

“TIVIT announces that the information published today, 08.01.2019, comes from the same security incident that occurred and was reported in December 2018. It is therefore only a publication of information related to the previous incident. The clients involved have already been notified and the appropriate actions have been taken in agreement with them. We reinforce that there was no intrusion of any kind into the company’s data centers or the access networks of TIVIT or of our customers.”

Leak 2 | January 8th 2019

Raw Leak (8,313 Lines): https://pastebin.com/KE8uKBAE

Leaked Files/Databases:

Download 1 (1.68MB): https://anonfile.com/wfzfW0p5b2/Guia_Desenvolvimento_Projetos_REST_API_pdf
Download 2 (44 B): https://anonfile.com/4dz9W6pbbf/KLABIN_usr_banco_sap_txt
Download 3 (350 B): https://anonfile.com/Acz4W7p3bf/Mexico_zurich_acesso_txt
Download 4 (1.04 MB): https://anonfile.com/B2z5Wcp1b3/Modelo_de_Uso_do_GitLab_pdf
Download 5 (28 B): https://anonfile.com/Fez1Wcpbbb/semente_txt
Download 6 (214.91 KB): https://anonfile.com/G1z5Wcp2b6/Zurich_Mexico_servers_backupeados_xlsx
Download 7 (392.86 KB): https://anonfile.com/Kcz7W2p4b3/Zurich_Auditoria_Chile_docx
Download 8 (1.05 MB): https://anonfile.com/O7z6W7p0b3/TokenTivit_exe
Download 9 (1.32 MB): https://anonfile.com/Q0z3W7p2b4/Servidores_Acominas_xls
Download 10 (31.57 KB): https://anonfile.com/d50aW7pdbd/ecm.corp.form1_JPG
Download 11 (11.7 KB): https://anonfile.com/e400W6p5bc/Cronograma_ECM_-Bradesco_Unificado_pdf
Download 12 (34.43 KB): https://anonfile.com/f207Wcpbb2/ecm.corp.form2_JPG
Download 13 (220.74 KB): https://anonfile.com/g106Wcpcbe/GDBF-9226_png
Download 14 (391.12 KB): https://anonfile.com/ib04Wdp7ba/ECM-Bradesco_-_2018-01-03_pptx
Download 15 (197.95): https://anonfile.com/rf08Wbp6b3/ecm.corp.workflow_zip
Download 16 (466.8 B): https://anonfile.com/v907Wdp1b1/ecm.corp.cargas_zip

All files

4,4G 27 Dez 10:39 NG 2.zip.001
4,4G 27 Dez 10:44 NG 2.zip.002
428M 27 Dez 10:44 NG 2.zip.003
2,8G 21 Dez 16:30 cr-email.zip
736M 1 Out 00:15 em-files.zip
700M 29 Set 19:36 fs-files.zip
6,3G 21 Dez 16:39 vs.zip

Leak 1 | December 11, 2018:

Raw Client Credentials Leak: https://pastebin.com/7RZCj45S
Database File Download 1 (18.31 MB): https://anonfile.com/M7ObI0k1b0/Leak_zip
Database File Download 2 (617.68 KB): https://anonfile.com/X6Vbpanfb3/KBA00052701-TOPOLOGIA_DE_REDE_CHEQUE_LEGAL_SP_RJ_v344_pdf
Database File Download 3 (266.83 KB): https://anonfile.com/i5W0pan9bb/KBA00051808-Topologia-CIP_Ambiente_STD_pdf
Email Database Download (149.69 MB): https://bayfiles.com/76Jej8lbbf/Emails_7z


