Researchers claim that two financial services firms have leaked more than 500,000 confidential legal and financial records to vulnerable AWS S3 bins.
The study unit of VpnMentor found the leaked directory in December 2019. The inquiry found that the files seemed to be related to a merchant cash and advance smartphone device called MCA Wizard and were likely to be part of Advantage Capital Funding and Argus Capital Funding.
The now-discontinued MCA Wizard software has been created by the two firms that share the same physical address and details. Advantages and Argus are supporting independent enterprises in the United States to secure support.
Once vpnMentor refused to warn companies, it opted to inform AWS immediately, which revoked access to the site within two days.
More than 500,000 leaked records, totaling 425Gb of details, included credit reports, contracts, financial balances, driver’s licenses, legal papers, tax returns, sales orders, activity reports for payment cards and retailer accounts, social security information and login information for bank accounts.
“This leak raises serious credibility and trust issues for Advantage and Argus. By not sufficiently securing this database and revealing so much information, they have compromised the safety, privacy, and security of their clients, partners, and customers,” vpnMentor said in a blog post.
“Those affected may take action against Advantage and Argus for doing so, either from ceasing to do business with either company or possibly pursuing legal actions. Both would result in considerable loss of clients, contracts, business relationships, and ultimately, revenue,” it added.
Malicious hackers may also exploit exposed data to conduct attacks on both companies, researchers said.