Earlier today, the official Twitter account of Brazilian government portal @PortalBrasil sent out an alert tweet to its 502,000 followers that “National Force will remain in the State of Rio Grande do Norte for 60 days,” but along with the tweet, came a Google Drive link which upon clicking took users to an excel file containing a list of links, emails and passwords for the social media accounts of Planalto Palace, another government portal responsible for bringing news and updates about the activities of the Presidency of Brazil.
The social media accounts that were on the list included the profile/page link, email/username and plain text password of Planalto Palace verified Twitter account (@Planalto), Gmail, Google Plus, YouTube, verified Instagram, verified Facebook, & profile Slideshare, Tumblr, Flickr, Soundcloud, ThingLink, and Snapchat account.
The tweet came as a mistake and apparently it was a copy + paste problem. The social media “specialist” behind this tweet might have copied the Google Drive link for some other purpose but ended up pasting it with the tweet thinking that they have sent a Tweet along with the news link.
The tweet was deleted after few minutes but those keeping an eye on the social media activities of Brazilian government were quick enough to grab the file and post it all over the Internet. Here is a preview of the login credentials file tweeted by @PortalBrasil.
This is not the first time when Brazilian officials have done something this awful. In 2014, during FIFA world cup in the country, the event’s security team accidentally shared its Wi-Fi password while one of its team members took a picture of himself nearby the screen that was displaying the password.
Come on Brazil, you can do better since you guys are one of the largest Internet users in the world.