A hacker is selling information allegedly stolen from Brazil-based internet service providers (ISPs)
The SafetyDetectives cybersecurity team found a forum post containing data that appears to have been stolen from Brazilian ISP TECKLINK. The post was published on November 6, 2023.
The hacker claims to have accessed a backend portal linked to TECKLINK, allowing them to extract and edit customer data as well as access system backups. They are selling the access for $120 and left contact information for their Telegram account.
Based on our cybersecurity team’s inspection of the shared screenshots, it appears the hacker is accessing the ISP’s system through the backend portal of an employee’s account. If that is the case, anyone who purchases access to the system can do anything that other TECKLINK employees are authorized to do.
The samples display the following customer information:
- Full names
- Phone numbers
- Email addresses
- Precise coordinates (longitude and latitude)
- Location details, such as names of cities and neighborhoods
Aside from customer information, the hacker included screenshots of other internal company data, including a map of what seems to be TECKLINK’s customer pool.
Below is a breakdown of the leak:
Two hours later, the same hacker published another post selling access to Veloxnet’s system. Veloxnet is another Brazil-based ISP. The hacker alleged that the system contained information about more than 30,000 users. For $150, those who buy access could extract or edit the data.
SafetyDetectives reached out to TECKLINK and Veloxnet to report the leaks we found, but we have yet to receive a reply.
Potential Impacts
Given that the hacker is selling not only the allegedly stolen data but also access to the compromised backend portal, malicious actors could cause further damage to the infrastructure of the ISP. Cyberattackers can potentially tamper with the ISP’s backend portals, allowing more people to gain access to user data and confidential company information or exposing more of the ISP’s systems.
In addition, the customer information exposed in the leak can be exploited for elaborate phishing attempts. Hackers could use the names and email addresses to target the users; they could impersonate ISP personnel and lure individuals into divulging more personal details or making payments to specific accounts.
Since the backend access being sold would also give malicious actors control of the ISP’s systems, users’ entire browsing activity could potentially be compromised. Cyberattackers could use the information they gather to hack online accounts, access personal records stored online, or blackmail users into revealing more sensitive information.
What Should You Do if You Think You’re Affected?
If you use TECKLINK or Veloxnet as your ISP, you may take the following steps to secure your data, especially if you’ve noticed unusual activity in your online accounts.
- Review accounts, platforms, and websites you access and take measures to safeguard your data, such as changing user credentials or removing sensitive personal information.
- Check the devices you use to connect to the internet through your ISP and consider disconnecting them immediately or removing confidential files or communications.
How to Protect Your Data Online Using a VPN
ISPs monitor their customers’ internet activity and act as the bridge between users’ devices and the World Wide Web. When an ISP’s system is hacked, all unprotected data that passes through the ISP can be extracted by malicious actors and used for various cybercrimes. It’s important to safeguard your data when browsing online to avoid falling victim to such situations.
One of the easiest ways to protect yourself while surfing the web is by using a virtual private network (VPN). A VPN encrypts your activity before it passes through your ISP so that prying eyes won’t see anything but unreadable or scrambled data. This way, a leak affecting your ISP won’t necessarily expose your personal information or browsing activity. To get started, you may check out our guide on how to choose the best VPN.
What Are Clearweb Leaks and Why Should You Care?
Hackers use all corners of the internet to share information, organize cyberattacks, and talk about data breaches. Some hackers’ preferred channels are clearweb forums. These are online networks that allow users to post information about breaches and leaks. They offer anonymity to their members and have features like paywalling for users who choose to require payment in exchange for access to the data they offer.
SafetyDetectives’ cybersecurity researchers scour popular data breach forums on the clear web to find and report on the latest data leaks being sold or shared for free. We operate within legal and ethical boundaries when investigating and do not engage in, endorse, or promote illegal activities, hacking, or the unauthorized acquisition or dissemination of data.
Any references to illicit activities are for reporting purposes only, based on third-party sources or findings, and not firsthand engagements by our team.
Our disclosures are rooted in meticulous research and are intended solely for informational and preventive purposes. In no way should these reports be construed as allegations, insinuations, or indicators of fault or negligence by any individual or organization.
For those who may be using similar services, it’s crucial to stay alert and mindful of any unusual activity. We encourage a proactive approach to online safety, ensuring the safeguarding of personal information wherever possible. Always remember: your digital well-being is in your hands.
About Us
SafetyDetectives.com is the world’s largest antivirus review website. The SafetyDetectives research lab is a pro bono service that aims to help the online community defend itself against cyber threats while educating organizations on protecting their users’ data.
The SafetyDetectives cybersecurity team has reported similar leaks and breaches affecting VPN service providers and Wi-Fi management companies.
In May 2023, we discovered an alleged data breach involving i2VPN, where hackers shared the freemium VPN service provider’s admin credentials and dashboard URL through a Telegram group.
In September 2021, our cybersecurity researchers found an exposed, misconfigured WSpot server that contained 10 GB of data and 226,000 files. WSpot is a Brazil-based software company that offers Wi-Fi management solutions. The data leak exposed sensitive information belonging to around 2.5 million users.
By reporting on these incidents, we aim to inform potentially affected parties early so that they can act quickly to protect their data.