A threat actor is selling a 243 million record dataset attributed to credilink.com.br, described in the post as a Brazilian credit information and risk analysis provider serving financial institutions and retailers. The seller offers a 12 million record sample for free download and points buyers to an external marketplace for the full package, with samples showing CPF national IDs, addresses, vehicle ownership, and presumed income.

• CPF national ID
• Full name (NOME) and mother’s name (NOME_MAE)
• Address type, street, number, complement
• Neighborhood (BAIRRO), city (CIDADE), state (ESTADO), UF, postal code (CEP)
• Date of birth (DT_NASCIMENTO)
• Gender (SEXO)
• Email address
• Death flag and death date (FLAG_OBITO, DT_OBITO)
• Federal tax/receita status (STATUS_RECEITA_FEDERAL)
• Corporate role/share (PCT_CARGO_SOCIETARIO)
• Vehicle ownership (CBO, QT_VEICULOS)
• Up to five vehicles each with brand, model, and year (MARCA/MODELO/ANO_VEICULO 1-5)
• Presumed income (RENDA_PRESUMIDA) and income range (FAIXA_RENDA)