The list serves as a directory for targeted SMS (Smishing) or WhatsApp-based scams.
Based on similar leaks in the Brazilian underground market, the internal structure typically follows one of these formats: email@provider.com:password Full Name|CPF|Phone Number|Date of Birth Username|Password|IP Address Source & Distribution These files are typically distributed via: 82K DE INOCES.txt
Posted on boards like BreachForums or specialized Portuguese-speaking forums for use in account takeover (ATO) attacks. The list serves as a directory for targeted
Attackers use these lists to "stuff" credentials into other websites, hoping for password reuse. Likely a "Combo List" (email:password or user:password) or
Likely a "Combo List" (email:password or user:password) or a lead list containing full names, CPFs (Brazilian tax IDs), and phone numbers. Common Data Structure
If CPFs and full names are included, the data is used for fraudulent loan applications or "SIM swapping."
Collected from "scampages" targeting banks, streaming services (Netflix/Spotify), or government portals. Security Implications