Brinztech Alert: Database of Cansei Vendi (Luxury Resale) is on Sale (580k Records)

Dark Web News Analysis

A threat actor on a known cybercrime forum is advertising the sale of a database belonging to Cansei Vendi (canseivendi.com.br), a prominent Brazilian luxury consignment e-commerce platform (“Cansei, Vendi” translates to “I got tired, I sold”). The dataset reportedly contains 580,000 records (approx. 102MB) and is being offered for a relatively low price of $360.

Brinztech Analysis:

• The Target: Cansei Vendi serves a specific, high-value demographic: individuals buying and selling pre-owned luxury goods (e.g., Chanel, Louis Vuitton, Hermes).
• The Data: The leak is a “fullz” package for Brazilian citizens. It reportedly includes:
  • Full Names & Emails
  • Phone Numbers
  • Physical Addresses (implied by e-commerce nature)
  • CPF (Cadastro de Pessoas Físicas): Brazil’s National ID number. This is the critical identifier for all financial transactions, including the instant payment system Pix.
• The Risk Profile: The exposure of CPF + Phone Number + High-Income Status is the perfect recipe for Pix fraud and “Whale Phishing.” The low price ($360) ensures this data will be bought by multiple low-level fraud gangs immediately.

Context: This breach adds to a massive wave of cybercrime in Brazil in late 2025. Reports indicate fraud attempts surged 50% in Q1 2025 alone, with fintechs being a prime target. The Brazilian Central Bank is even preparing a “CPF block” system for December 2025 to combat the rampant opening of fraudulent mule accounts using leaked data like this.

Key Cybersecurity Insights

This alleged data breach presents a specific and immediate threat to high-net-worth Brazilians:

• Targeted “Whale” Phishing: The user base is affluent. Attackers can use purchase history (if included) or just the association with a luxury brand to launch sophisticated spear-phishing attacks (e.g., “Problem with your consignment payout” or “Authenticity check required for your item”).
• Pix Fraud & Financial Exploitation: With a valid CPF and phone number, criminals can attempt to register the victim’s key for Pix on a mule account or use the data to bypass knowledge-based authentication at banks.
• Synthetic Identity Fraud (Fintech): The leak is explicitly marketed for “fintech KYC exploitation.” Criminals use “clean” profiles (high credit score individuals) to open credit lines at digital banks that rely on automated KYC checks.
• Regulatory Impact (LGPD): This breach is a direct violation of Brazil’s Lei Geral de Proteção de Dados (LGPD). Cansei Vendi faces mandatory reporting requirements to the ANPD and potential fines of up to 2% of revenue.

Mitigation Strategies

In response to this claim, Cansei Vendi and its customers must take immediate action:

• Proactive Customer Notification: The company must notify customers immediately. Transparency is vital. Warn them specifically about fake consignment offers or “Pix reversal” scams via WhatsApp.
• Monitor “Registrato”: Affected individuals should check the Central Bank’s Registrato system to see if any unauthorized bank accounts or loans have been opened in their name using the leaked CPF.
• MFA Enforcement: Cansei Vendi should enforce Multi-Factor Authentication (MFA) for all user accounts to prevent account takeovers.
• CPF Fraud Alert: Customers should be advised to use the new (or upcoming) Central Bank tools to lock their CPF from opening new accounts if they suspect misuse.

Secure Your Business with Brinztech — Global Cybersecurity Solutions Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.

Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com