Upon being alerted by security researcher Anurag Sen, the company rubbished the sensitivity of the matter by labeling the exposed database as “an insignificant one.”
Anurag Sen, a prominent IT security researcher has shared exclusive information with Hackread.com revealing that Sydney, Australia-based trading company ACY Securities (acy.com) exposed a massive trove of personal and financial data of unsuspected users and businesses online for public access.
Another day, another misconfigured database
It happened due to a misconfigured database owned by ACY Securities. The worse part of the data leak is the fact that it contained over 60GB worth of data that was left exposed without any security authentication. This means anyone with a slight bit of knowledge about finding unsecured databases on Shodan and other such platforms would have complete access to ACY’s data which contained logs from February 2020 while being updated with the latest data set every second.
As seen by Hackread.com, the exposed database hosted the following user data:
- Full name
- Postcode
- Full address
- Date of birth
- Name of city
- Gender details
- Email address
- Phone Number
- Hashed password
- Trading-related information like business details and more
Screenshot of a US-based user (Image source: Hackread.com via Anurag Sen)
List of countries where most users and businesses were impacted:
- United Kingdom
- Australia
- India
- China
- Spain
- Brazil
- Russia
- Romania
- Malaysia
- Indonesia
- United States
- United Arab Emirates and many more
No Value to Sensitive Nature of Data
Anurag told Hackread.com that he reached out to ACY multiple times last week with necessary proof however it took the company a couple of days to understand and address the issue. An ACY representative replied to the researcher by labeling the exposed server as an “insignificant one.”
Anurag told Hackread.com
Nevertheless, at the time of publishing this article, the exposed database was secured and its IP addresses were no longer accessible to the public.
Potential Dangers
The severity of misconfigured and exposed databases can be quantified by the fact that earlier this year, Anonymous and its affiliate group of hackers compromised around 90% of Russian cloud databases that were exposed to the public without any security authentication or password.
In ACY’s case, considering the extent and nature of exposed data, the incident could have far-reaching implications. Such as bad actors could download the data and carry out identity theft, phishing scams, scam marketing campaigns, and microloans identity fraud.
Misconfigured Databases – Threat to Privacy
Misconfigured or unsecured databases, as we know it, have become a major privacy threat to companies and unsuspected users. In 2020, researchers identified over 10,000 unsecured databases that exposed more than ten billion (10,463,315,645) records to public access without any security authentication. In 2021, the number increased to 399,200 exposed databases.
Source: Hackread.com