Researchers at WizCase have discovered a massive data leak that belongs to FBS, a Cyprus-based online trading broker used by millions of traders in over 190 countries. The leak includes sensitive personally identifiable information (PII), financial information, government documents, numbers, and even passwords in plaintext form. The data exposure lasted for at least a few days before FBS responded to WizCase’s report and secured the ElasticSearch server that was left open to access by anyone due to a misconfiguration.
<div>A data leak of this proportion spells trouble for the customers involved. As noted by researchers, the details exposed here could likely result in certain customers being targeted at their home address, especially those whose transactions indicate significant wealth. Cybercriminals can also use the exposed information to act as the user and commit account takeover and fraud or launch targeted phishing attacks.</div> <div> </div> <div> </div> <div>For any businesses housing sensitive information in their servers, security governance guardrails are a necessity. Without proper governance strategies in place, a mere change in policy or update could leave a server exposed, inviting threat actors inside and putting customer data in jeopardy. A cloud management platform with complete visibility into the cloud landscape and real-time security posture monitoring is the best way to ensure these gaps are remediated in a timely manner.</div>