Skip to main content

This widely-used instant loan app leaks nearly 30 million files of user data

Web Hosting & Remote IT Support
  • FatakPay, an Indian loan company, was found storing sensitive data in an unprotected S3 bucket
  • The data included people's names, addresses, IDs, and more
  • The company has since locked the database down

Instant loan company FatakPay kept sensitive data on millions of its users exposed on the internet, for an unknown period of time to anyone who knew where to look.

In mid-September 2024, security researchers from Cybernews discovered a misconfigured Amazon AWS S3 bucket containing more than 27 million files filled with sensitive information.

The data found in the bucket includes people’s full names, postal addresses, email addresses, phone numbers, copies of national IDs, loan agreements, account statements, filled-in loan applications, user selfies for verification, PAN (a PIN number issued by the Indian Income Tax Department), Aadhar (a PIN number issued by the Unique Identification Authority of India), and credit score reports.

Closing the archive

After a few attempts, the researchers managed to get in touch with FatakPay, which then closed the bucket, but has not yet released an official statement regarding the discovery.

FatakPay is a digital payment and micro-lending platform in India that provides instant credit solutions to users for small-ticket transactions. At press time, its Google Play Store page shows 1M+ downloads, but the exact number of active users is not publicly available.

Misconfigured databases remain one of the key causes of data leaks. Some researchers warned that many organizations don’t fully understand the shared responsibility model of most cloud hosting providers, and that they believe it is the service provider’s job to keep the data secure.

As a result, researchers often stumble upon large databases full of information that crooks could use for identity theft, phishing, social engineering, wire fraud, and more.

Recently, a Mexican fintech startup was found holding a large database full of sensitive customer data wide open on the internet. The company, called Kapital, held data on 1.6 million Mexicans, including voter IDs and selfies.

You might also like



via Hosting & Support
Labels:

Comments

Post a Comment

Web Hosting
Remote IT Support
Sites & Socials
Computing Handbook - $9.95

Popular posts from this blog

Microsoft, Google, and Meta have borrowed EV tech for the next big thing in data centers: 1MW watercooled racks

Web Hosting & Remote IT Support Liquid cooling isn't optional anymore, it's the only way to survive AI's thermal onslaught The jump to 400VDC borrows heavily from electric vehicle supply chains and design logic Google’s TPU supercomputers now run at gigawatt scale with 99.999% uptime As demand for artificial intelligence workloads intensifies, the physical infrastructure of data centers is undergoing rapid and radical transformation. The likes of Google, Microsoft, and Meta are now drawing on technologies initially developed for electric vehicles (EVs), particularly 400VDC systems, to address the dual challenges of high-density power delivery and thermal management. The emerging vision is of data center racks capable of delivering up to 1 megawatt of power, paired with liquid cooling systems engineered to manage the resulting heat. Borrowing EV technology for data center evolution The shift to 400VDC power distribution marks a decisive break from legacy sy...
Post a Comment
Read more

The Apple Watch ban is lifted, on appeal – but the reprieve might only be temporary

Web Hosting & Remote IT Support The Apple Watch ban story has developed quickly over the last week and a bit, and there's now a new twist: the US Court of Appeals is putting a pause on the US sales and import ban while it reviews the case, which means the Apple Watch 9 and Apple Watch Ultra 2 can go back on sale for the time being. "We are thrilled to return the full Apple Watch lineup to customers in time for the new year," an Apple spokesperson told TechRadar. "We are pleased the US Court of Appeals for the Federal Circuit has stayed the exclusion order while it considers our request to stay the order pending our full appeal." The watches in question are now once again available from "select" Apple Stores, and will also be going on sale from the Apple website from 12pm PT / 3pm ET on Thursday, December 28 (that's 8pm in the UK, and early on December 29 in Australia). All Apple Stores should have stock by the weekend. As for how long t...
Post a Comment
Read more

The Samsung Galaxy Ring could go into production as soon as next month

Web Hosting & Remote IT Support With the dust beginning to settle from the huge Samsung Unpacked 2023 event, we can turn our attention towards what Samsung might have planned next: and a smart ring seems to be in the company's near future. As per a report from South Korean outlet The Elec (via SamMobile ), mass production on a Samsung Galaxy Ring could begin as early as August, with a decision imminent on the schedule for getting the wearable manufactured and out to consumers. A full launch is slated for some point during 2024 though, rather than 2023. The nature of the device means that it'll need to clear several regulatory hurdles before it can go on sale and start tracking various vital statistics. An early 2024 launch would put the Galaxy Ring on a similar schedule to the Samsung Galaxy S24 – and it would therefore make sense to launch both gadgets at the same time, perhaps in January or February if Samsung follows its 2023 routine. The story so far Rumors ar...
Post a Comment
Read more