Connect with us

Hi, what are you looking for?

Tech & Science

Billions of records of an online trading broker leaked (Includes interview)

- Digital Journal Staff
- Digital Journal Staff

The latest incident was identified by ethical researchers at WizCase, who discovered a massive data leak that belonging to FBS, which is a Cyprus-based online trading broker. FBS is a popular site, and one used by millions of traders in over 190 countries.

The leak included sensitive personally identifiable data, together with financial records, government documents, and potentially some passwords in plaintext form. Other data included files uploaded by users for their verification including personal photos, identity cards, driving licenses, birth certificates, bank account statements, utility bills, and even credit card statements.

The data exposure lasted for at least a few days before FBS responded to WizCase’s report and secured the ElasticSearch server that was left open to access by anyone due to a misconfiguration.

According to the impacted company, FBS: “It in no way reflects the number of users. One service generates hundreds of records on every execution and each user calls dozens of services. Thus, total amount of logs and the number of records have no connection to the number of users or user-related records”.

Looking at the matter for Digital Journal is Pravin Rasiah, who is the Vice President of Product, CloudSphere.

Rasiah outlines the significance of this latest cyber-issue: “A data leak of this size is big trouble for the customersd. As reported by the researchers, the details exposed here may result in some customers being targeted at their home address, especially those whose transactions indicate significant wealth.”

Furthermore, the issue means that “cybercriminals can take the exposed information and pretend to be the user and commit account takeover and fraud or launch targeted phishing attacks.”

Other organizations should take note, says Rasiah. Indeed, “for any businesses housing sensitive information in their servers, security governance guardrails are a necessity.” This does not appear to have been the case in this latest incident.

Rasiah explains that “without proper governance strategies in place, a simple change in policy or update could result in a server becoming exposed, inviting threat actors to take a look.”

In terms of the best preventative action to consider, Rasiah recommends: “A cloud management platform with complete visibility into the cloud landscape and real-time security posture monitoring is the best way to ensure these gaps are remediated in a timely manner.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

World

“What’s the point?” is a question Russia should have been asking for 120 years. It’s about time for an answer.

Entertainment

Actress Brooke Shields chatted about mental health, she shared her career-defining moments, and furnished her definition of success.

Business

A Togg electric car rolling off the assembly line in Gemlik near Bursa in western Turkey - Copyright AFP MOHD RASFANMathieu RABECHAULT and Anne...

Business

The next major driver could be the results from Nvidia — the third-largest US company by market capitalisation.