Shopee: Data from 150 Pix keys are leaked – 09/20/2024 – Market
A flaw in the security system exposed personal data linked to 150 Pix keys from Shopee (SHPP Brasil Payment Institution and Payment Services LTDA.), the Central Bank reported on Thursday night (19).
Information such as user name, CPF number, bank institution, branch, account number and type was leaked. Sought by SheetShopee has not yet commented.
According to the Central Bank, no sensitive data was exposed, such as passwords, information on transactions or financial balances in transactional accounts, or any other information under banking secrecy.
“The information obtained is of a registration nature, which does not allow movement of resources, nor access to accounts or other financial information,” the monetary authority said in a statement this Thursday (19).
According to the Central Bank, anyone who has had their registration data exposed will be notified exclusively through the application or internet banking of their relationship institution.
“Neither the BC nor the participating institutions will use any other means of communication with affected users, such as messaging applications, phone calls, SMS or email”, warns the institution.
“The BC informs that the necessary actions were adopted for the detailed investigation of the case and the sanctioning measures provided for in the current regulation will be applied.
Since Pix was created, 15 user data leaks have been recorded. The list of institutions that had system failures and which data were exposed is available on the Central Bank’s website.
Scam alert
A new rule from the Central Bank requires financial institutions to send a “scam alert” to customers in cases of atypical transactions via Pix. The new rule will come into effect six months after the publication of the changes in the system’s user manual, with no set date yet.
The measure was a recommendation from the Pix Strategic Security Group, coordinated by the BC and served by Febraban (Brazilian Federation of Banks).
The creation of a fine of R$100,000 for system participants who fail to comply with the rules related to Pix keys was also recommended and accepted, with no possibility of exemption.
The Central Bank has been discussing improvements to the instant payment system to ensure greater security in Pix transactions and prevent fraud. According to data from the institution, around 3 million requests for refunds due to fraud were made between January and August of this year.