Earlier this morning, March 17th 2019, a hacker going by the name of “K4PP4K” announced a hack and data breach effecting to the National Agency of Petroleum, Gas and Natural Combustibles (ANP) of the Federal Republic of Brasil. Contained within a data leak affiliated with the website are the file folders of 3 databases attached to the back-end of the agencies website, along with the email, usernames and passwords of 9 administrators granting full root access over the site and all of its content.
At the present moment in time not much is known about K4PP4K, but this is their second such major hack of a National Brasilian agency dating back to February 24th 2019, when K4PP4K released various SQL vulnerabilities attached to the website belonging to the state government of Rio de Janeiro. Similarly, it’s suspected that SQLi is also how K4PP4K breached ANP’s website this week. Unfortunately though, ANP was officially tagged in the release a little more than 13 hours ago, meaning that if those admin credentials haven’t already been changed they almost certainly will be very shortly.
"Agência Nacional do Petróleo, Gás Natural e Biocombustíveis"
— K4PP4K (@zorkkappak) March 17, 2019