If CPFs and full names are included, the data is used for fraudulent loan applications or "SIM swapping."
The list serves as a directory for targeted SMS (Smishing) or WhatsApp-based scams. 82K DE INOCES.txt
Often shared in "Checker" or "Looter" groups as free samples to promote paid database access. If CPFs and full names are included, the
Attackers use these lists to "stuff" credentials into other websites, hoping for password reuse. Likely a "Combo List" (email:password or user:password) or
Likely a "Combo List" (email:password or user:password) or a lead list containing full names, CPFs (Brazilian tax IDs), and phone numbers. Common Data Structure
Based on similar leaks in the Brazilian underground market, the internal structure typically follows one of these formats: email@provider.com:password Full Name|CPF|Phone Number|Date of Birth Username|Password|IP Address Source & Distribution These files are typically distributed via:
Collected from "scampages" targeting banks, streaming services (Netflix/Spotify), or government portals. Security Implications