Dark Web News Analysis
A threat actor on a known cybercrime forum is claiming to sell a massive database that they allege was stolen from Aiqfome, a Brazilian food delivery platform. According to the seller’s post, the database contains over 7.2 million unique user records with data spanning 2022 to 2024. The purportedly compromised information is exceptionally comprehensive, including full names, CPF (Brazilian national ID number), emails, phone numbers, physical addresses, detailed order history, and internal system data such as tokens and session IDs. The seller claims the leak was the result of the company failing to respond to a responsible disclosure attempt.
This claim, if true, represents a catastrophic data breach with the potential to impact a significant portion of the platform’s user base in Brazil. A database containing this level of detailed personal and financial information is a “full identity kit” for criminals. It provides all the necessary components for them to commit large-scale identity theft, financial fraud, and launch highly convincing, personalized phishing campaigns. A confirmed breach would also be a severe violation of Brazil’s Lei Geral de Proteção de Dados (LGPD).
Key Cybersecurity Insights
This alleged data breach presents a critical and widespread threat to Brazilian consumers:
- Catastrophic “Full Identity Kit” Breach: The most severe risk is the alleged exposure of the Brazilian CPF number alongside a user’s full name, address, phone number, and date of birth. This is a complete toolkit for criminals to commit severe, long-term identity theft and financial fraud.
- A Goldmine for Hyper-Targeted Fraud: The combination of PII with detailed order history allows for incredibly convincing scams. Criminals can impersonate Aiqfome or a specific restaurant, reference a user’s real past orders, and trick them into providing payment information for a fake “failed” delivery or a fraudulent special offer.
- Compromise of Internal Tokens and Session IDs: This is a critical technical risk. Leaked internal tokens and session IDs could potentially be used by sophisticated attackers to bypass normal login procedures and directly hijack active user sessions, leading to immediate account takeovers.
Mitigation Strategies
In response to a claim of this nature, Aiqfome and its users must take immediate and decisive action:
- Launch an Immediate Investigation and Regulatory Reporting: The highest priority for Aiqfome is to conduct an urgent forensic investigation to verify the claim. If the breach is confirmed, under Brazil’s LGPD they have a legal obligation to report the incident to the national data protection authority (ANPD) and notify all affected users.
- Mandate Invalidation of All Credentials and Tokens: The company must enforce an immediate, mandatory password reset for all users. Critically, all active session IDs and other internal authentication tokens must also be invalidated to prevent session hijacking.
- Enforce MFA and Proactively Communicate with Users: The company must urgently implement and enforce Multi-Factor Authentication (MFA) to secure user accounts. They must also transparently communicate with their entire user base about the potential breach, warning them about the high risk of targeted phishing and identity theft.
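One way to implement the credential and token invalidation described in these steps, as an added example that is not Aiqfome’s or Brinztech’s code: every session issued before an incident-wide cutoff is rejected, and a per-user password reset additionally rejects that user’s earlier sessions. The in-memory store, method names and timestamps are assumptions for illustration.

```python
"""Incident-driven invalidation of sessions and tokens (illustrative only)."""
from dataclasses import dataclass, field
import secrets


@dataclass
class Session:
    user_id: str
    issued_at: float  # seconds since epoch at issuance


@dataclass
class SessionStore:
    # Assumed in-memory store; a real deployment would back this with a DB/cache.
    sessions: dict = field(default_factory=dict)
    global_cutoff: float = 0.0  # anything issued before this is rejected
    user_cutoff: dict = field(default_factory=dict)  # per-user reset time

    def issue(self, user_id: str, now: float) -> str:
        # 128-bit random session ID, never derived from user data.
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = Session(user_id, now)
        return sid

    def invalidate_all(self, now: float) -> None:
        """Incident response: reject every session issued before `now`."""
        self.global_cutoff = now

    def reset_password(self, user_id: str, now: float) -> None:
        """A password reset also kills that user's pre-reset sessions."""
        self.user_cutoff[user_id] = now

    def is_valid(self, sid: str) -> bool:
        """Check on every request; the cutoffs are enforced server-side."""
        s = self.sessions.get(sid)
        if s is None:
            return False
        if s.issued_at < self.global_cutoff:
            return False
        if s.issued_at < self.user_cutoff.get(s.user_id, 0.0):
            return False
        return True


if __name__ == "__main__":
    store = SessionStore()
    leaked = store.issue("user-1", 100.0)  # constructed pre-incident session
    store.invalidate_all(200.0)
    print("leaked session still valid:", store.is_valid(leaked))  # False
```

For stateless signed tokens the equivalent step is rotating the signing key so nothing issued before the incident verifies.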
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com