ACY Securities, an Australian trading company, has made public a vast amount of personal and financial data from unsuspecting individuals and corporations.
Misconfigured Database
It happened as a result of ACY Securities’ misconfigured database. The data leak’s worst feature is that it contained about 60GB of data that was left exposed without any security authentication. This means that anyone with even a rudimentary understanding of how to identify unsecured databases on Shodan and other similar sites would have total access to ACY’s data, which included logs dating back to February 2020 and was updated with the most recent data set every second.
The exposed database, according to Hackread.com, contained the user data such as Full name, Postcode, Full address, Date of birth, Name of the city, Gender details, Email address, Phone Number Hashed passwords, Trading-related information like business details, and more.
The sensitive nature of the data has no value. The seriousness of misconfigured and unsecured databases can be gauged by the fact that Anonymous and its associate gang of hackers penetrated roughly 90% of Russian cloud databases that were accessible to the public without any security authentication or password earlier this year.
Given the scope and nature of the data revealed by ACY, the incident could have far-reaching consequences. Bad actors could take the data and use it to commit identity theft, phishing scams, scam marketing campaigns, and identity fraud involving microloans.
Nations with the most affected users and businesses are India, China, Spain, Brazil, Russia, Australia, Romania, Malaysia, Indonesia, United States, United Kingdom, United Arab Emirates and many more.
