Forex trading site FBS has accidentally leaked millions of user records online after the company reportedly left its ElasticSearch database server exposed through a cloud database misconfiguration.
FBS is an international online forex broker founded in 2009. As of writing, Tech Radar states the company currently operates with over 400,000 partners and 16 million traders in more than 190 countries around the globe. Its app alone has reportedly been downloaded over a million times in the Google Play Store.
According to Info Security Magazine, the server in question was left unprotected online without password or encryption protection, leaving it vulnerable to attackers and other malicious threat actors on the web.
Based on the article released by Tech Radar, the security researchers and white hat hackers at WizCase, a reviews website, initially discovered the data leak in October 2020. Tech Radar states that the researchers, led by white hat hacker Ata Hakcil from WizCase, reached out to the firm after the incident.
In response to the data leak, Tech Radar maintains that FBS secured the ElasticSearch database by October 5 last year. After the initial securing of the server, however, the company experienced a massive data leak of around 20 terabytes of data with approximately 16 billion records in it.
The customer details exposed by the server include personally identifiable information (PII): customers’ first and last names, phone numbers, billing addresses, and passport numbers. Users’ ID cards, driver’s licenses, and birth certificates were also included in the list.
In addition to the aforementioned data, users’ email addresses, countries, time zones, and IP addresses were also exposed. Customers’ mobile device models, as well as the operating systems they were running, were also found on the exposed server.
Social media IDs, including those from Facebook and Google, are also among the data on the exposed ElasticSearch server. Moreover, customers’ personal photos and images, along with financial documents such as bank account statements and unredacted credit cards, as well as customers’ utility bills, were compromised.
Info Security Magazine also reports that login history, loyalty data, and users’ unencrypted passwords and their respective password reset links were also found in the database.
In a statement, WizCase security researchers said that the treasure trove of data could be leveraged by various threat actors for a variety of attacks, including phishing and even malware, on top of other similar scams and attacks. Identity theft is also a real concern for white hat hackers.
While the forex trader has already secured its database, users must be wary of possible attacks and of the exposed data being used against them. In light of this, users are urged to change their passwords and enable two-factor authentication, notes Tech Radar.