Skip to content
Support
Sign In Subscribe
Data Breaches

Brazilian Construction Information Company PiniWeb Allegedly Breached, 13.9 GB Listed For Sale

 and  Dark Web Informer
10 min read
Breach Report Brazil flagBrazil Information Services

Brazilian Construction Information Company PiniWeb Allegedly Breached, 13.9 GB Listed For Sale

A threat actor using the alias S0BER is advertising the sale of a claimed ~13.9 GB dataset of around 10,290 files across three RAR archives, spanning 2003 to 2026, said to be stolen from PiniWeb / Editora Pini (piniweb.com.br), a Brazilian information company that has served the construction industry since 1948. According to the listing, the data allegedly includes subscriber and customer databases (LGPD-relevant personal data), government procurement records and tax invoices tied to public-sector and corporate clients, proprietary construction price-table data (SINAPI/TCPO), SQL scripts and database schemas, Outlook PST email archives, internal infrastructure and remote-access configurations, and a code-signing certificate. The seller themselves rates several categories as high or critical risk. The dataset's authenticity and scope are unverified.

Data~13.9 GB
PriceFor sale
CountryBrazil flagBrazil
ActorS0BER

Post details

TargetPiniWeb / Editora Pini (piniweb.com.br)
CountryBrazil flagBrazil
SectorInformation Services / Construction
Claim~13.9GB / 10,290 files for sale
DataCustomer DBs, gov records, DB assets
Archives3 RAR files (2003-2026)
ObservedJun 18, 2026
ActorS0BER

!Allegedly included

  • ~10,290 files (~13.9 GB)
  • 3 RAR archives (2003-2026)
  • Subscriber & customer databases
  • Government procurement & NF-e records
  • Proprietary SINAPI/TCPO price data
  • SQL scripts & database schemas
  • Outlook PST email archives
  • Code-signing cert & infra configs

Screenshots

PiniWeb Brazil alleged leak Screenshot 1 Screenshot 1 Redacted preview PiniWeb Brazil alleged leak Screenshot 2 Screenshot 2 Redacted preview PiniWeb Brazil alleged leak Screenshot 3 Screenshot 3 Redacted preview

Potential impact

This sits in the critical tier because the listing allegedly combines several high-impact data types. On the personal-data side, subscriber, customer, and prospect databases plus PST email archives would expose LGPD-relevant personal information of individuals, along with references to several named employees. On the business side, government procurement records, tax invoices, and named public-sector bodies and corporate clients could expose sensitive commercial relationships. Most seriously from a security standpoint, the listing claims to include database schemas and SQL logic, internal infrastructure and remote-access (RDP) configurations, and a code-signing certificate. If a usable code-signing certificate is exposed it could let attackers sign malicious software as if it came from the company, which is why such a certificate would warrant immediate revocation; exposed infrastructure and database logic similarly raise the risk of follow-on intrusion. No purchase details, seller contacts, certificate contents, or technical specifics are reproduced here. Authenticity and scope are unverified.

iStatus

Unverified

A detailed file manifest and statistics were posted to an underground forum offering the data for sale; the sample data, certificate, specific infrastructure details, and seller contact information are not reproduced here. The claim has not been independently confirmed and PiniWeb / Editora Pini has not publicly addressed it.

Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Related

Latest