Brasilian IT Firm Tivit Suffers from 2nd Round of Data Leaks

On December 12th 2018, in what would become my second most read article of all time, Rogue Media Lab featured a report covering the hack of Tivit, A Brasilian based IT solutions and network storage provider. At the time, Defcon Labs, the original publisher behind the leaks, had reported that “the data seem to be internal process documentation of the company itself,” adding that it was “uncertain whether they were the product of an offensive action or published involuntarily by misunderstanding.” However, a later report published by ZDNet on December 14th went on to reveal that, according to Tivit representatives, “nine members of staff had suffered a phishing attack through an email that contained a malicious link” – thus allowing the hackers to gain access to company computer/servers to steal the data.

Today the company suffered from its second round of leaks, featuring new information not included in the December 12th leak. In a posting to Pastebin earlier this morning, unknown hackers allegedly  posted access to 30 GB worth of data tied to password files and email archives of 10 Latin-American companies: Bradesco, CEF, Votorantim Energia, TecnicaZurick, Faber, Banco Original, CIP, Klabin and Acominas.

** EDITORS NOTE: The 9 additional downloads posted through have already been taken down in the +3 hours since the leaks were posted online, but all data hosted through AnonFiles is still live/active. **

Additionally, in statements to Rogue Media Labs, Aline Rodrigues, a corporate spokesperson representing TIVIT, wanted my readers to know that:

A TIVIT comunica que as informações publicadas na data de hoje, 08.01.2019, são provenientes do mesmo incidente de segurança ocorrido e noticiado em dezembro de 2018. Trata-se, portanto, apenas de uma publicação de informações relacionadas ao incidente anterior. Os clientes envolvidos já foram notificados e as ações cabíveis foram tomadas em comum acordo com eles. Reforçamos que não houve nenhum tipo de invasão aos data centers da empresa, das redes de acesso da TIVIT ou de nossos clientes.

Translation for English Readers:

“TIVIT announces that the information published on today’s date, 08.01.2019, comes from the same security incident that occurred and reported in December 2018. It is therefore only a publication of information related to the previous incident. The clients involved have already been notified and the appropriate actions have been taken in agreement with them. We reinforce that there was no invasion of the company’s data centers, TIVIT access networks or our customers.”

Leak 2 | January 8th 2019

Raw Leak (8,313 Lines):

Leaked Files/Databases:

Download 1 (1.68MB):
Download 2 (44 B):
Download 3 (350 B):
Download 4 (1.04 MB):
Download 5 (28 B):
Download 6 (214.91 KB):
Download 7 (392.86 KB):
Download 8 (1.05 MB):
Download 9 (1.32 MB):
Download 10 (31.57 KB):
Download 11 (11.7 KB):
Download 12 (34.43 KB):
Download 13 (220.74 KB):
Download 14 (391.12 KB):
Download 15 (197.95):
Download 16 (466.8 B):

All files

4,4G 27 Dez 10:39 NG
4,4G 27 Dez 10:44 NG
428M 27 Dez 10:44 NG
2,8G 21 Dez 16:30
736M 1 Out 00:15
700M 29 Set 19:36
6,3G 21 Dez 16:39!66g2mARL!H2Oc416sM82MlTDpcQhGzZyIAT77t1a37GLBgLrOefw!Py4gFApQ!dS2N1wU17gcQeiClmQQCTupec_Eje4wkH3j9oFFacJU!y65gBS7C!vI7sQi4q2sN4SuoLR_7Xdznz-Jb-xGFkSnjazhDTgZk!L7pU0Cga!jQZcYqtI0VelPGD7yD9Rp3QacoMvGxF7kfrfLBG__Pc!frh0QKQb!XNYJTyxgZEYHHXMRxa2Uh5Ml3lPSl3Vei4pANj3a_EE!vuoSCYLY!WCb_O3tHr1uWUT35UMD72n0OQ0PD0OE0v8eluvZ3tp4!q2pwSI7Z!xZDwMr-PKFbpBKm_QHcFvfFgi-byfnxv711LQ4Z_WYg!GjomzAiL!ZNiPc_nMKsQ9wId6QTTJ4HpRc96KvEauPmbgYisg_dw

Leak 1 |December 11, 2018:

Raw Client Credentials Leak:
Database File Download 1 (18.31 MB):
Database File Download 2 (617.68 KB):
Database File Download 3 (266.83 KB):
Email Database Download (149.69 MB):

Published by

Brian Dunn

Writer, Researcher Owner: Rogue Media Labs | Rogue Security Labs (929)-319-2570 BrianDunn@RogueSecurityLabs.Ltd

Leave a Reply

Your email address will not be published.