Eleven Tickets

We've been tracking a concerning rise in breaches impacting Latin American e-commerce platforms, often involving poorly secured databases and a lack of adequate data protection measures. What really struck us wasn't the volume of records in this particular breach, but the inclusion of sensitive CPF numbers alongside other personal details, significantly increasing the risk of identity theft for affected individuals. The data had been circulating quietly in a known breach-trading community, but we noticed it gaining traction as it was cross-posted to a more public Telegram channel, suggesting a potential increase in exploitation.

Eleven Tickets Breach: 196k Brazilian Users Exposed

In early January 2022, the ticketing website Eleven Tickets suffered a significant data breach that exposed the personal information of 196,000 users. We discovered the breach when a database dump appeared on a private forum known for trading compromised credentials and data. What caught our attention was the inclusion of CPF numbers (Brazilian taxpayer identification) alongside more common PII, such as names, email addresses, and phone numbers. This specific combination of data makes the breach particularly impactful, as it provides malicious actors with the necessary information to conduct targeted phishing campaigns, identity theft, and financial fraud.

Key point: Total records exposed: 196,000

Key point: Types of data included: Email Address, First Name, Last Name, Phone Number, CPF Numbers, Physical Addresses

Key point: Sensitive content types: PII

Key point: Source structure: Database dump

Key point: Leak location(s): Initially a private forum, later cross-posted to a Telegram channel.

Key point: Date of first appearance: January 1, 2022

The breach underscores the ongoing challenges faced by organizations in protecting sensitive customer data, particularly in regions with evolving cybersecurity landscapes. The inclusion of CPF numbers is especially concerning, as this identifier is widely used in Brazil for various financial and administrative transactions. The incident highlights the importance of robust data protection measures, including encryption, access controls, and regular security audits, to mitigate the risk of data breaches and protect individuals from identity theft and fraud. This ties into the broader threat theme of exposed databases and the increasing automation of data exfiltration and distribution via platforms like Telegram.

External Context & Supporting Evidence

While there was limited coverage in major international news outlets, Brazilian tech news sites reported on the breach shortly after it occurred. Several online forums and Reddit threads discussed the implications for affected users, with many expressing concern about the potential for identity theft. One Telegram post claimed the files were "collected from a misconfigured AWS S3 bucket."

Email · Address · First · Name · Last · Phone · Number