Brinztech Alert: The Alleged Database of Comunidadfeliz is on Sale

Dark Web News Analysis

The dark web news reports a major data breach involving ComunidadFeliz, a widely used software platform for building administration and property management in Chile. A threat actor on a hacker forum is selling a database allegedly containing 724,000 user records.

The seller is asking $901 USD for the dataset and is open to using an Escrow Service, communicating via encrypted channels like Telegram and Session. The compromised fields are critical for Chilean citizens, including Full Names, Email Addresses, Phone Numbers, Physical Addresses, and the highly sensitive RUT Identifiers (Rol Único Tributario).

Key Cybersecurity Insights

Breaches of property management software are “Tier 1” physical and financial threats because they expose the intimate details of where people live and how they pay their bills:

• “Gastos Comunes” Phishing: The primary functionality of ComunidadFeliz is managing “Gastos Comunes” (common expenses). Attackers can use the Email and Address data to send highly realistic fake monthly bills to residents. If the victim clicks the payment link, they are directed to a phishing site that steals their banking credentials.
• The RUT Fraud Risk: In Chile, the RUT is the master key to identity. It is used for everything from supermarket points to bank loans. Combined with Full Names and Phone Numbers, attackers can use the RUT to commit subscription fraud, open retail store credit cards, or impersonate the victim to utility companies.
• Physical Security & Burglary: The leak includes Physical Addresses linked to specific names. Organized crime groups can use this to target specific high-income buildings or individuals, knowing exactly who lives in which apartment.
• Tenant vs. Owner Profiling: The data likely distinguishes between owners and tenants. Attackers can leverage this to run “Owner Scams” (pretending to be the landlord demanding urgent rent) or “Tenant Scams” (pretending to be the administration).

Mitigation Strategies

To protect residents and the integrity of the community, the following strategies are recommended:

• Billing Verification: Residents should be warned to never pay “Gastos Comunes” via links received in SMS or email without verifying the sender. Payments should only be made through the official ComunidadFeliz app or direct bank transfer to known accounts.
• RUT Alert: Affected individuals should monitor their “Boletín Comercial” or financial reports for any unauthorized credit inquiries made using their RUT.
• Password Reset: Force a mandatory password reset for all 724,000 users. If the password was shared with other services (like email), those must be changed too.
• Admin Awareness: Building administrators should be trained to spot social engineering attempts where attackers pose as residents to gain physical access codes to the building.

Secure Your Business with Brinztech — Global Cybersecurity Solutions

Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.

Questions or Feedback?

For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com