Security News > 2020 > March > Exchange rate service’s customer details hacked via AWS

Exchange rate service’s customer details hacked via AWS
2020-03-20 14:45

Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database, according to a notification letter published on Twitter this week.

Open Exchange Rates provides foreign exchange data for over 200 currencies worldwide, including digital ones.

It lets software applications query the Open Exchange Rates service, which delivers their results back in a machine- and human-readable format, JSON. The company runs its service in the Amazon Web Services cloud.

Open Exchange Rates explained that it started getting complaints about its API performance on 2 March, which it tracked to a misconfiguration in its network.

As a precautionary measure, the company reset all user passwords, although it left it up to customers to reset their application tokens, which could enable people to use the service on a victim's dime.


News URL

https://nakedsecurity.sophos.com/2020/03/20/exchange-rate-services-customer-details-hacked-via-aws/