The Cloud Consultancy Europe Ltd.
+44 (0) 203 637 6667 [email protected]

Upon being alerted by security researcher Anurag Sen, the company rubbished the sensitivity of the matter by labeling the exposed database as “an insignificant one.”

Anurag Sen, a prominent IT security researcher has shared exclusive information with revealing that Sydney, Australia-based trading company ACY Securities ( exposed a massive trove of personal and financial data of unsuspected users and businesses online for public access.

Another day, another misconfigured database

It happened due to a misconfigured database owned by ACY Securities. The worse part of the data leak is the fact that it contained over 60GB worth of data that was left exposed without any security authentication. This means anyone with a slight bit of knowledge about finding unsecured databases on Shodan and other such platforms would have complete access to ACY’s data which contained logs from February 2020 while being updated with the latest data set every second.

As seen by, the exposed database hosted the following user data:

  • Full name
  • Postcode
  • Full address
  • Date of birth
  • Name of city
  • Gender details
  • Email address
  • Phone Number
  • Hashed password
  • Trading-related information like business details and more

Screenshot of a US-based user (Image source: via Anurag Sen)

List of countries where most users and businesses were impacted:

  • United Kingdom
  • Australia
  • India
  • China
  • Spain
  • Brazil
  • Russia
  • Romania
  • Malaysia
  • Indonesia
  • United States
  • United Arab Emirates and many more

No Value to Sensitive Nature of Data

Anurag told that he reached out to ACY multiple times last week with necessary proof however it took the company a couple of days to understand and address the issue. An ACY representative replied to the researcher by labeling the exposed server as an “insignificant one.”

Anurag told

Nevertheless, at the time of publishing this article, the exposed database was secured and its IP addresses were no longer accessible to the public.

Potential Dangers

The severity of misconfigured and exposed databases can be quantified by the fact that earlier this year, Anonymous and its affiliate group of hackers compromised around 90% of Russian cloud databases that were exposed to the public without any security authentication or password.

In ACY’s case, considering the extent and nature of exposed data, the incident could have far-reaching implications. Such as bad actors could download the data and carry out identity theft, phishing scams, scam marketing campaigns, and microloans identity fraud.

Misconfigured Databases – Threat to Privacy

Misconfigured or unsecured databases, as we know it, have become a major privacy threat to companies and unsuspected users. In 2020, researchers identified over 10,000 unsecured databases that exposed more than ten billion (10,463,315,645) records to public access without any security authentication. In 2021, the number increased to 399,200 exposed databases.