Top Mexican fintech firm leaks details on 1.6 million customers

1 week ago 3

Businessman holding a magnifier and searching for a hacker within a business team.

(Image credit: Shutterstock)

Resaearchers uncover large database during routine analysis of available indexes
Database held sensitive data on more than 1.6 million Kapital customers
Company is still yet to close the archive

A Mexican fintech startup has been found holding a large database full of sensitive customer data wide open on the internet, available for anyone who knows where to look.

Security researchers from Cybernews found the database in early September 2024 after a routine investigation of publicly available indexes.

The database, belonging to a company called Kapital, contained sensitive data on 1.6 million Mexicans, including voter IDs and selfies.

Database still available online

Mexico City-based Kapital specializes in serving small and medium-sized businesses (SMB) with limited access to bank credit, providing different financial services, such as credit cards, or loans, and counts roughly 80,000 customers in the region, according to Fintech Nexus.

“The documents are integral to voting, identity verification, and accessing various services. Their exposure compromises individuals' immediate safety and privacy and can have negative financial consequences," the Cybernews team noted in its writeup.

When it comes to financial consequences, it was explained that the data can be used in wire fraud, identity theft, and similar money-related crime: “Threat actors can easily obtain and misuse sensitive information for identity theft. Criminals might attempt to create fraudulent accounts or gain unauthorized access to existing ones,” the researchers warned. “Financial fraud could lead to substantial monetary loss and damaged credit scores.”

To make matters worse, Kapital doesn’t seem to care much. Cybernews claims to have reached out “dozens” of times, to no avail. The country’s Computer Emergency Response Team (CERT) was also notified. However, by the time the researchers published their report, which was on November 6, the database was still up and running, three months after initial discovery.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Misconfigured cloud databases continue being one of the key causes of data breaches and leaks, exposing millions of customer records every month.

Hundreds of Google Firebase websites might have leaked data online
Here's a list of the best antivirus
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article