Small business loans app blamed as 500,000 financial records leak out of ... you guessed it, an open S3 bucket

2020-03-18 11:30

A now-defunct mobile app for loaning money to small business owners has been pinned down as the source of an exposed archive containing roughly 500,000 personal and business financial records.

The research team at vpnMentor said it traced an exposed database of financial records back to a former Android/iOS app called MCA Wizard, developed jointly by Advantage Capital Funding and Argus Capital Funding back in 2018.

According to the vpnMentor crew, the app stored documents like bank statements, photocopies of driver's licenses, credit checks, and even tax and social security information - all in an unsecured AWS S3 storage bucket.

Though the app was defunct, that bucket remained online and configured for public access.

Interestingly, although the app is no longer available, the researchers noted that new documents were being added to the storage instance right up until its removal, suggesting another application could also be using the bucket.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/18/smb_loan_app_leaks/

#financial #leak #S3