SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
1 Dec 2017

National Credit Federation data leak: Over 100GB of sensitive customer data was left exposed online

Tens of thousands of Americans' critically sensitive data, such as social security numbers, bank account numbers, credit reports and more, were left freely exposed online by the National Credit Federation (NCF).

The Florida-based credit repair service inadvertently exposed over 100GB of customer data via an unsecured Amazon cloud storage server, leaving thousands of its customers potentially vulnerable to identity and financial theft, as well as cyberattacks.

The credit repair service's leaky S3 bucket was discovered on 3 October by UpGuard's director of cyber risk research Chris Vickery. There have been numerous massive leaks caused by unsecured S3 buckets over the past year which have exposed incredibly large troves of data from various organisations. Most recently, classified US Army and NSA data was also left exposed, thanks to an unsecured S3 bucket.

In the NCF leak, the exposed data included information such as customers' names, addresses, scans of social security cards (exposing the actual social security numbers), credit reports, full credit card and bank account numbers, and more. Thousands of customer credit reports compiled by Equifax, Experian and TransUnion were also exposed in the breach.

"Content in the repository apparently created by NCF include personalised credit blueprints compiling a great deal of sensitive customer data in one form – everything from who owns a mortgage to how regularly a customer paid their credit card bills," UpGuard cyber resilience analyst Dan O'Sullivan wrote in a blog.

"Video files within the repository depict NCF employee computer desktops, recorded using a screen logging program, as an employee accesses customer records and explains the significance," O'Sullivan added. "The videos appear to be specially made for individual customers, and are rife with the depiction of personally identifiable information.

"All of this data could be easily used by malicious actors to steal identities and compromise the personal finances of NCF customers." The leaky database was "continually updated" with new information until the firm was notified of the breach. This means that in the event that the S3 bucket was accessed by hackers, all they had to do was sit and wait for the database to be updated, providing them a fresh supply of victims.

According to UpGuard's researchers, around 40,000 NCF customers are estimated to have been impacted by the data leak. It is still unclear as to how long the S3 bucket was left exposed before it was discovered. It is also uncertain as to whether any malicious entities accessed the leaky database.


Download SafeUM — communicate privately, without advertising and spam.

Tags:
information leaks
Source:
IBTimes
1297
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015