Real estate agency exposes details of 690k customers

An exposed instance contained information for a customer relationship management (CRM) system that likely belongs to Goyzer, a real estate property management software maker, the Cybernews research team has discovered.

The data was leaked via a publicly exposed and passwordless MongoDB database, which has since been closed. Businesses employ MongoDB to organize and store large swaths of document-oriented information.

According to our team, the specific database was populated with data about customers from Dubai. The exposed database hosted over 100K links with scanned documents hosted on a Goyzer domain.

We have reached out to Goyzer for comment but have yet to receive a response before publishing this article.

The team discovered that the now-closed database contained details such as:

  • Names
  • Emails
  • Phone numbers
  • Scanned copies of receipts, checks, contracts, and IDs

The team believes that malicious actors could employ this type of data for identity theft, phishing attacks, or even commit financial fraud. The total number of exposed individuals appears to stand at 690,000.

“The compromised documents, including contracts and IDs, amplify the risk of targeted scams and unauthorized access to personal and financial accounts. Companies should always employ robust security measures to safeguard sensitive data and protect individuals from potential harm,” researchers said.

Cybercriminals may try to enhance the precision of their attacks by collating different data points to form a fuller picture of the victim.

For example, Cybernews recently wrote about another case where a Dubai-based company, DTC, a Roads and Transport Authority subsidiary, leaked information on over 220K individuals.

Goyzer claims to provide technological solutions for real estate developers, property managers, and brokers.

More from Cybernews:

Out with the old: the tech turkeys we kept using in 2023

Decentralized services heat up competition in the VPN market

Federal agencies do not comply with AI rules, audit shows

AI-generated science fiction novel wins literary prize in China

Polish state TV used text messages stolen via Pegasus to attack opposition

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked