ADVERTISEMENT

Fintech exposes millions of customer files, fails to close the leak

Several million documents have sat unguarded for at least several months, and the company is either unaware or unwilling to take action.

KYC documents' leak

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Jan 9, 2025 Updated: 20 June 2025 3 min read
  • Passports and IDs
  • Driver’s licenses
  • Voter IDs
  • Selfies for verification
Ernestas Naprys Marcus Walsh profile jurgita Stefanie
Be the first to know and get our latest stories on Google News
Add us as your Preferred Source on Google.

Hackers want to know your customers, too

ADVERTISEMENT
“Cybercriminals can misuse the individual's identity to open fraudulent accounts, apply for loans or credit cards, and make unauthorized transactions.”

Falling on deaf ears

To prevent and avoid similar issues, the team suggests to:

  • Change the access controls to restrict public access and secure the bucket. Update permissions to ensure that only authorized users or services have the necessary access.
  • Monitor retrospectively access logs to assess whether the bucket has been accessed by unauthorized actors.
  • Enable server-side encryption to protect data at rest.
  • Implement SSL/TLS for data in transit to ensure secure communication.
  • Consider implementing security best practices including regular audits, automated security checks, and employee training.

  • Leak discovered: September 12th
  • Initial disclosure: October 2nd
  • CERT contacted: November 7th
ADVERTISEMENT