A massive security breach triggered false alarms across ten Brazilian states after a young hacker, known as Misantropo, gained unauthorized access to the Interface de Divulgação de Alertas Públicos (Idap). The attacker used credentials belonging to three military firefighters to broadcast the message "misantropi4" through the official emergency system. This incident highlights a critical failure in government digital infrastructure, as the system reportedly relied on alarmingly basic security measures.
The breach was made possible by negligent password practices and a lack of modern security protocols. According to the hacker's statements on social media, at least one account used a CPF number as both the username and password. Furthermore, the Idap platform lacked Multi-Factor Authentication (MFA), instead relying on simple math problems as its only verification hurdle. This low barrier to entry allowed the attacker to hijack official communication channels with minimal effort, exposing significant vulnerabilities in how Brazil manages public safety alerts.
