An exposed instance contained information for a customer relationship management (CRM) system that likely belongs to Goyzer, a real estate property management software maker, the Cybernews research team has discovered.
The data was leaked via a publicly exposed and passwordless MongoDB database, which has since been closed. Businesses employ MongoDB to organize and store large swaths of document-oriented information.
According to our team, the specific database was populated with data about customers from Dubai. The exposed database hosted over 100K links with scanned documents hosted on a Goyzer domain.
We have reached out to Goyzer for comment but have yet to receive a response before publishing this article.
The team discovered that the now-closed database contained details such as:
- Phone numbers
- Scanned copies of receipts, checks, contracts, and IDs
The team believes that malicious actors could employ this type of data for identity theft, phishing attacks, or even commit financial fraud. The total number of exposed individuals appears to stand at 690,000.
“The compromised documents, including contracts and IDs, amplify the risk of targeted scams and unauthorized access to personal and financial accounts. Companies should always employ robust security measures to safeguard sensitive data and protect individuals from potential harm,” researchers said.
Cybercriminals may try to enhance the precision of their attacks by collating different data points to form a fuller picture of the victim.
For example, Cybernews recently wrote about another case where a Dubai-based company, DTC, a Roads and Transport Authority subsidiary, leaked information on over 220K individuals.
Goyzer claims to provide technological solutions for real estate developers, property managers, and brokers.
More from Cybernews:
Subscribe to our newsletter