Cyber Incident Victim: Oi
Date: Jun 2016
Location: Brazil
Summary
A Brazilian telecommunications company suffered a cyberattack in which multiple websites, including its main domain and subdomains for speed tests, promotional offers, instructional content, and user portals, were defaced by Algerian hackers using the aliases "Red hell Sofyan," "Max Dz," and "Sm0ld3r." The attackers replaced content with pro-Palestine messages, compromising at least fifteen web properties. No data theft was confirmed, but the breach came during the company's significant financial restructuring, potentially exacerbating reputational and operational challenges amid bankruptcy proceedings. The intrusion method remains unspecified, but the defacement demonstrated vulnerabilities in the organization's web infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 3 actors | Available to members | Available to members |
Description
On or around June 20, 2016, multiple websites belonging to Brazilian telecommunications company Oi were compromised and defaced by hackers. The attackers, identified as Algerian individuals using the online aliases "Red hell Sofyan," "Max Dz," and "Sm0ld3r," targeted Oi's primary domain (oi.com.br) and at least 14 subdomains. These included sites dedicated to internet speed testing, daily customer offers, instructional video content, installation guides, and user login portals. The defacement involved replacing legitimate web pages with a message expressing support for Palestine, though the incident remained unreported until subsequent analysis. Forensic examination by cybersecurity outlets revealed that all three hackers participated in the coordinated defacement campaign. No evidence confirmed whether user data was exfiltrated during the breach, and the specific technical vulnerabilities exploited by the attackers remained unidentified at the time of reporting.

The incident occurred during a critical period for Oi, which was undergoing bankruptcy proceedings totaling $19 billion—the largest such filing in Brazil's corporate history. While the direct financial impact of the defacement was not quantified, analysts noted the potential for reputational damage and operational disruption given the scale of affected web properties. The compromised subdomains served essential customer-facing functions, including account access and service troubleshooting resources. Oi's corporate response and containment measures were not detailed in available reports, nor was there information regarding detection methods or restoration timelines. The attack's geopolitical messaging component—displaying pro-Palestine content—did not establish a clear motive beyond the hackers' stated affiliations, with no further claims regarding data manipulation or extortion attempts disclosed in the aftermath.
