Citygate Global, a Nigerian Microfinance bank operates a banking application Monéé. It has been discovered by a security researcher that this data has been left exposed from its inception. From the issuing of the warning, it took ten days for the matter to addressed.
An exposed database is a collection of billions of pieces of our data, without any security preventing hackers or anyone else from stealing it and one fall-out from such incidences is that cybercriminals can leverage the breached information to impersonate the victims, make fraudulent purchases, or commit credential stuffing attacks.
In response to Monéé’s exposed database, Anurag Kahol, CTO and co-founder of Bitglass, explains to Digital Journal about the significance of the issue.
Kahol begins by outlining why the data exposed is of potential value to hackers, noting: “Personally identifiable information (PII) and financial details connected to customer accounts are valuable data that criminals can leverage to commit financial fraud, engage in identity theft, and make money on dark web marketplaces.”
This form of attack is all too common says Kahol: “This is not the first time and certainly won’t be the last time that an organization unknowingly leaves a database exposed without password protection, demonstrating how most lack full visibility and control over their data. Consequently, it’s critical that enterprises strengthen their security postures to ensure the privacy of customer and corporate data.”
In terms of what can be considered to prevent such incidences in the future, Kahol recommends: “To prevent data leakage, organizations can begin by implementing a password, followed by equipping themselves with solutions like multi-factor authentication (MFA), data loss prevention (DLP), cloud security posture management (CSPM), and user and entity behavior analytics (UEBA). These additional safety precautions will enforce stricter security standards and keep data secure.
