Christmas is not a time of year; Christmas is a person. A Person of the Trinity. Christmas is about the birth of the One who paid the price for my life and for yours. Christmas is not about religion, it is about forgiveness, it is about the Way back Home. Christmas is Jesus, the Savior.
🇧🇷 Brazil – Creditas Allegedly Breached
* A threat actor claims to have compromised Creditas, one of Brazil's largest fintech and lending platforms.
* The actor alleges access to:
  * 85,000+ CPF records (claiming the dataset may exceed 1 million records)
  * 170,000+ company CNPJ records
  * Mobile phone numbers
  * Validated credentials
  * Active OAuth tokens
  * Payroll-related records
  * Reconciliation data
  * High-value debtor information
  * OTP-related data mappings
* The post further claims exposure of:
  * Full names
  * Brazilian taxpayer IDs (CPF)
  * Loan balances
  * Loan status information
  * Corporate records
  * Financial and payroll data
* The threat actor references alleged vulnerabilities including GraphQL-related issues, IDORs, and SSRF, although no independent verification has been provided.
* If authentic, the exposure could present significant risks including:
  * Financial fraud
  * Identity theft
  * Account takeover
  * Loan application fraud
  * Targeted phishing campaigns
  * Corporate intelligence gathering
* Financial institutions remain high-value targets due to the concentration of sensitive identity, lending, and payment information within their environments.
Analyst Note:
The most concerning aspect of this claim is not the volume of records but the alleged combination of financial profiles, authentication-related data, and validated credentials. If confirmed, this would significantly increase the risk of downstream fraud and account compromise against both individuals and organizations.
#DDW #Intelligence #Creditas #DarkWeb
My @Hermes_Agent is saying that it is not a good idea to update itself to the last version. I presume that it knows itself better than I know him. @NousResearch
I'm still skeptical that it is possible to replace all off-the-shelf software with in-house development using AI. CRM (records and lookup), OK. The accounting and tax modules of an ERP, considering the madhouse those subjects are in this country, I don't know...
@Nubank created an entity called "system" and delegated to that entity the responsibility for everything they don't want to pass on as information to the customer. "It's the SYSTEM that decides". "Only the SYSTEM knows". SYSTEM, OOOH. Mystery. Is it a bank or an episode of Scooby-Doo?
🇧🇷 Brazil: CEMIG AI Assistant (IBM Watson) Database Allegedly Leaked
* Threat actor claims to have compromised CEMIG's IBM Watson-powered AI assistant environment
* According to the post, the dataset allegedly contains exported data collected between September 2022 and April 2026
* The actor states the released archive represents only a partial dump (~0.7% of the claimed full dataset)
* Claimed exposed data includes:
  * 243,328 unique conversations
  * 30,053 unique CPF numbers
  * 158,388 unique phone numbers
  * 42,750 unique email addresses
* The threat actor alleges the dataset contains approximately 474,519 unique PII entries
* The listing references:
  * Customer interactions with the AI assistant
  * Conversation metadata
  * User identifiers
  * Contact information
  * Support request details
  * Internal system references and transaction data
* The actor further claims the complete dataset exceeds 72GB compressed, while the publicly released sample is approximately 500MB compressed
Analyst Note:
If authentic, this incident would be particularly significant because conversational AI platforms often contain highly contextual information that traditional databases do not. Beyond standard PII exposure, leaked chatbot interactions may reveal customer inquiries, account details, service issues, behavioral patterns, and operational workflows. Such datasets can substantially increase the effectiveness of phishing, social engineering, fraud, and identity theft campaigns.
#DDW #Intelligence #DarkWeb #CEMIG
@CapitalQoQ @0xCVYH I see a lot of people talking about the Mac mini because of its integrated memory. But the privacy and/or the number of tokens has to justify not using cloud providers, since buying the hardware will have an initial cost of around 10k.