Hackers Are Selling Access to Brazilian Corporate Clouds
Cybercriminals may already have a foothold inside Brazilian companies: a threat actor is offering direct access to corporate cloud systems, not just leaked data.
A new cybersecurity alert is raising concerns in Brazil: a threat actor known as “vexin” is reportedly selling access to corporate cloud environments from companies in the food and technology sectors.
The report surfaced on March 19, 2026, and suggests that sensitive business data may already be exposed.
According to threat intelligence sources, the attacker is offering direct access to corporate cloud systems, not just leaked files.
That’s a big deal.
Instead of static data leaks, this could mean live access to internal systems — the kind of access that enables deeper attacks.
Two affected entities were identified:
Food & Beverage Retail Company
~75 GB of data potentially exposedButchery / Meat Retail Business
~37 GB of data potentially exposed
This isn’t just about stolen files.
If someone buys this access, they could:
Move inside the company’s infrastructure
Deploy ransomware
Access customer and financial data
Disrupt operations in real time
In other words: this is a doorway, not just a leak.
Brazil has been increasingly targeted by cybercriminals, especially as more companies migrate to cloud-based systems. And here’s the catch: Cloud environments are powerful but misconfigured access = high-value target.
We still don’t know how deep this breach goes — or if the affected companies have responded, but one thing is clear: Access is now the currency in cybercrime and Brazilian companies are on the radar.