Early this morning, January 16th 2019, a hacker known as “Tr3v0r” announced credit for a hack of the Brasilian Federal Police – Ministry of Public of Public Safety division. In a leak made available to the public via the Pastebin web service, Tr3v0r leaked the root login credentials of 6 staff webmail administrators, exposing the entirety of the departments internal emails archives, along with the personal emails of 249 Brasilian police officers. However, it must be noted that Tr3v03 was arrogant enough to tag Brasilian police in the leak, meaning that if those passwords haven’t already gone inactive they will very shortly.
Additionally, while the hacker did not disclose how he managed to breach the site, taking a closer look at hacks he has performed throughout the past, more likely than not he was able to breach the website via SQL Injection effecting a vulnerable URL address attached to the websites back-end. You can browse through the entirety of the leak below.
Raw Leak: https://pastebin.com/HQYjqJT8
Internal Email Server: hxxp://webmail.dpf.gov.br/login.php
— Tr3v0r (@MatheusTDashh) January 16, 2019