What’s Going On?

Our team of white-hat hackers discovered an open ElasticSearch database that belonged to Guiche Virtual. Guiche Virtual is a Brazilian business that provides online bus ticket booking across the country through different bus companies. The service is distributed via mobile apps: Guiche Virtual on iOS and Guiche Estrada on Android. It seems that the leaked data contains information collected from both platforms as well as data from the company’s online platform. Though the company is located in Brazil, the vulnerable server was hosted in the US. The leak exposed detailed information about users’ private data and activity, including:

How Did It Happen and Whose Data Was Available?

Guiche Virtual stored a lot of its data on an ElasticSearch server. By default, an ElasticSearch installation comes with no access authentication enabled. This means that if the server is connected to the open web, it automatically becomes available to anyone with access to the internet. The default settings don’t enforce authorization because ElasticSearch servers were originally designed to be used only on internal networks. However, many administrators aren’t aware of this detail and, as a result, don’t set up password authentication or IP whitelisting. The unsecured database exposed over 26GB of data, with approximately 17,000 pieces of Personally Identifiable Information (PII) and 3.6 million emails, including duplicates. The total size of the leaked data kept changing because the database server was live and updated daily. Since the company is located in Brazil, it seems that most of its users were also Brazilian.
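A small audit for the misconfiguration described above, as an added example (not WizCase's or Guiche Virtual's code): it flags an `elasticsearch.yml` that binds the REST API to a non-loopback address without `xpack.security.enabled: true`. The sample configs are constructed, only flat `key: value` lines are parsed, and the `auth_default` parameter is an assumption that mirrors the default the article describes.

```python
import ipaddress
# Constructed sample configs (not taken from the affected server).
EXPOSED = """
cluster.name: bookings
network.host: 0.0.0.0        # listen on every interface
"""
HARDENED = """
cluster.name: bookings
network.host: ["_local_", "10.0.0.5"]
xpack.security.enabled: true
"""

def parse_flat(text):
    """Parse flat `key: value` lines; nested YAML is out of scope here."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings

def non_loopback(value):
    """Return the bind addresses in `value` that other hosts can reach."""
    out = []
    for addr in value.strip("[]").split(","):
        addr = addr.strip().strip("\"'")
        try:
            local = ipaddress.ip_address(addr).is_loopback
        except ValueError:  # hostname or special value such as _site_ / _global_
            local = addr in ("_local_", "localhost")
        if addr and not local:
            out.append(addr)
    return out

def audit(text, auth_default=False):
    """auth_default=False mirrors the no-authentication default described above."""
    s = parse_flat(text)
    # http.host overrides network.host for the REST API; unset means loopback only.
    exposed = non_loopback(s.get("http.host", s.get("network.host", "_local_")))
    auth = s.get("xpack.security.enabled", str(auth_default)).strip("\"'").lower() == "true"
    if exposed and not auth:
        return ("CRITICAL", f"REST API on {exposed} accepts unauthenticated requests")
    if exposed:
        return ("INFO", f"REST API on {exposed} requires login; also restrict source IPs")
    return ("OK" if auth else "WARN", "loopback only" + ("" if auth else ", no authentication"))

if __name__ == "__main__":
    print(audit(EXPOSED), audit(HARDENED), sep="\n")
```

Elasticsearch 8.0 and later enable security by default, so pass `auth_default=True` when auditing those releases.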

What Are The Risks and What Should I Do Now?

Any data leak, regardless of which company it happens to, is a potentially significant privacy breach that puts everyone involved at huge risk of being targeted by cybercriminals and scammers. The Guiche Virtual leak exposed viable information about thousands of users, including their home addresses and even some passport details. This compromised data may lead to many threats, such as:

Anyone who has used Guiche Virtual should be on the lookout for suspicious emails and phone calls. Phishing attempts always try to mimic trustworthy organizations, such as banks or insurance companies, but you can spot certain differences in the sender’s address upon further inspection. However, if you’re ever in doubt about an email’s credibility, you can check directly with the company you think sent it. On top of that, watch out for “too good to be true” scams that ask for any personal information, as these could be social engineering attempts.

Additionally, you may want to enable two-factor authentication on your online accounts, including social media profiles. This can help prevent attackers from gathering extra information about you, even if they successfully crack leaked hashed passwords. With two-factor authentication turned on, you’ll receive a notification as soon as someone unauthorized tries to access any of your profiles.

Always remember that once your data is shared online, it’s always likely to be involved in an online data leak. That’s why you should limit the amount of information you post to the bare minimum.

Why Should I Trust WizCase?

WizCase is a widely popular web security platform offering advice and tips for thousands of readers every week. Translated into over 30 languages, our website has gained the trust of a large number of people worldwide. Our team regularly discovers new data breaches across the internet and reports them to the companies responsible prior to publishing any reports. Together, we’re working hard towards creating a safer online environment for everyone. In this case, we reached out not only to Guiche Virtual, but also to the Brazilian Computer Emergency Response Team (CERT). The latter sent us a response email explaining that they had contacted the company and helped with securing the misconfigured server.