Brasilian Based Cloud Storage & IT Solutions Firm Tivit Compromised by Massive Data Breach

In news first brought to my attention via Defcon Lab on December 12th 2018, various databases and cloud storage servers belonging to Tivit, a Brasilian based IT solutions and network storage provider, were hacked/compromised by unnamed assailants. In a series of leaks across Twitter over a 5 day time period, between December 7th-12th 2018, the login user names and credentials to more than a dozen Tivit cloud storage clients/accounts were dumped online. At the present moment in time no one has claimed responsibility for the hack, and it appears as though though the Twitter handle used to leak the information online (@infoleakbr) was created earlier this month exclusively for this very purpose.

About the incident in question, as was explained by Defcon Labs, “São quase mil linhas de código que aparentam conter rotinas internas da empresa, além de credenciais de acesso de diferentes clientes empresariais de grande porte.” Adding that “Os dados parecem ser documentação de processo interna da própria empresa, sendo incerto se foram produto de uma ação ofensiva ou publicados involuntariamente por equívoco.” You can view all the leaks in their entirety below.


About the incident in question, as was explained by Defcon Labs,”there are almost a thousand lines of code that appear to contain internal company routines, as well as access credentials of different large enterprise customers.” Adding that “The data seem to be internal process documentation of the company itself, and it is uncertain whether they were the product of an offensive action or published involuntarily by misunderstanding.” You can view all the leaks in their entirety below.

Identifiable Clients Exposed By The Breach:

CIP – hxxps://
JMACEDO – hxxp://
MULTIPLAN – hxxp://
BRASKEM – hxxps://
FABER – hxxp://
SAE – hxxp://
MITSUI – hxxps://
ZURICH – hxxps://
KLABIN – hxxps://
VOTORANTIM – hxxp://
SEBRAE – hxxp://

Raw Client Credentials Leak:
Database File Download 1 (18.31 MB):
Database File Download 2 (617.68 KB):
Database File Download 3 (266.83 KB):
Email Database Download (149.69 MB):

Published by

Brian Dunn

Writer, Researcher Owner: Rogue Media Labs | Rogue Security Labs (929)-319-2570 BrianDunn@RogueSecurityLabs.Ltd

Leave a Reply

Your email address will not be published.