Two Corporate Finance Companies Leak Half a Million Legal and Financial Documents Online (Mar 17, 2020)
Researchers at vpnMentor have identified an open Amazon Web Services (AWS) S3 bucket exposing over 500,000 sensitive financial and legal documents. The database was linked to the mobile application MCA Wizard, developed by the companies Advantage Capital Funding and Argus Capital Funding, for Android and iOS. The application was being used by these companies for arranging loans to small businesses, but has been held under scrutiny due to questionable work practices. Upon further investigation, it was identified that the 425GB of open data did not relate to the MCA application but in fact came from Advantage and Argus. The documentation includes but is not limited to, bank statements, credit reports, driver’s license and Social Security information.
Recommendation: The exposure of such sensitive Personally Identifiable Information (PII) compromises the security of clients, employees and customers puts these individuals at risk of being targeted. Customized spearphishing emails will likely be sent to these individuals in an attempt to gain more information on them. People involved could have their identity stolen and financial transactions made in their name. Users that believe they have been impacted by this data breach should monitor their credit cards and bank accounts for unusual activity, and, in addition, freeze their credit reports. Entities employing Amazon S3 Buckets for storage of information must ensure that buckets are made private and that authentication protocols are in place so that only appropriate people have access to information.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.