ADVERTISEMENT

Massive data spill reveals loan shop collects and exposes private messages. What data was leaked?

A data leak at Nigerian FinTech company BestFin Nigeria has exposed 846,000 customers and their emergency contacts. The leak also revealed that money lenders try to squeeze every drop of data from their clients, including private communications.

BestFin Nigeria research

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Oct 9, 2024 Updated: 11 October 2024 2 min read
  • Personal data, including name, gender, phone number, email address, home address, date of birth, salary range, and marital status
  • Emergency contacts
  • List of apps installed on user devices
  • List of contacts saved on their phone
  • Device identifiers, such as IMEI, model, and IP address
  • Any SMS messages sent and received by the users, including personal messages unrelated to payments, OTP codes, and temporary passwords for financial and non-financial accounts
  • Bank Verification Numbers (BVN) validation logs. This is a biometric identification system implemented by the Central Bank of Nigeria
ADVERTISEMENT
leaked-data-bestfin

Loan apps may put you in danger

user-messages

Disclosure timeline

  • July 2nd, 2024: Leak discovered.
  • July 4th, 2024: Initial disclosure email sent, multiple follow-up emails followed.
  • August 26th, 2024: Access to the data was closed.
ADVERTISEMENT