Canadian Telco Exposes Unencrypted Card Details (May 8, 2019)
Researchers at vpnMentor have discovered an unprotected Freedom Mobile database. The database, containing over five million customer records, was left passwordless and unencrypted on April 17. The records included addresses, credit card numbers, CVV numbers, email address, and phone numbers. Telco claim the breach affects 15,000 customers, however, researchers claim there are potentially up to 1.5 million customers affected. Telco have blamed a third-party provider, Apptium, for the breach.
Recommendation: Databases containing personal information should never be left passwordless. It is essential that companies handling personal and financial details of customers ensure the data is secure and encrypted. Customers should be aware of the heightened risk of phishing attempts from this type of leak. They should also monitor their bank accounts to ensure nothing out of the ordinary or fraudulent is occurring.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.