A threat actor is claiming to have breached Brazilian energy company iGreen Energy and stolen approximately 5 million records containing customer personal data, financial information, KYC documents, utility account credentials, and internal staff access details.
The alleged dataset was posted for sale on a cybercrime forum on May 27. According to the listing, the exposed information spans multiple databases tied to customers, consultants, financial operations, utility billing systems, and internal backoffice staff.
The threat actor claims the leak includes CPF and CNPJ identifiers, RG identity numbers, dates of birth, phone numbers, email addresses, physical addresses, utility installation data, account balances, PIX payment information, and withdrawal histories.
The post also alleges that tens of thousands of utility platform accounts were exposed with plain-text passwords associated with Brazilian energy providers including RGE, CEMIG, CEEE, EDP, CELESC, ELEKTRO, COPEL, ENEL, and LIGHT.
Additional datasets shown in screenshots appeared to include consultant payment records, telecom and solar contracts, withdrawal transactions, customer energy bills, and more than 1,500 alleged physical KYC document files.
Large samples were published alongside the claim
The forum post included extensive database samples allegedly extracted from multiple internal systems. The records appeared to contain structured customer and consultant information formatted in JSON and CSV-style entries.
Sample data also appeared to show employee account information and internal access-related fields associated with backoffice systems.
The threat actor further claimed the leak included hashed staff passwords using weak hashing algorithms including bcrypt and MD5, alongside administrative access levels and internal account metadata.
One section of the listing referenced allegedly predictable cloud storage URLs that could purportedly allow automated harvesting of additional files and utility bill images.
BreachNews could not independently verify the authenticity of the data or determine whether the records originated directly from iGreen Energy systems.
Brazilian identity and payment data carries elevated risk
If legitimate, the alleged exposure could create significant fraud and identity theft risks for affected individuals due to the sensitivity of Brazilian financial and identity records.
CPF and RG identifiers are commonly used across banking, telecom, utility, and government systems throughout Brazil, while PIX payment infrastructure has become deeply integrated into the country’s financial ecosystem.
Exposure of utility account credentials and KYC documentation could potentially enable account takeovers, financial fraud, targeted phishing, and social engineering attacks.
The alleged iGreen Energy breach also follows a broader increase in large-scale database sale and extortion activity observed across underground forums in recent weeks, including recent claims involving DentaQuest, Charter Communications, and Baker Distributing Company.
The threat actor behind the listing has limited public history, and the claims should be treated as unverified until independently confirmed.
At time of publication, iGreen Energy had not issued any public statement regarding the alleged breach.
