A major digital lending platform has reportedly exposed sensitive customer data due to a misconfigured Amazon AWS S3 bucket that was left unsecured without authentication. Security researchers discovered the breach on November 28, 2024, but the issue remained unresolved until January 16, 2025, leaving the data vulnerable for over a month. While there is no direct evidence that cybercriminals accessed the information, experts warn that only a thorough forensic audit could confirm whether any unauthorized activity took place.
The exposed data reportedly includes Know Your Customer (KYC) documents, which financial institutions use to verify identity, address, and income details. This type of information is particularly valuable to cybercriminals, as it can be exploited to fraudulently obtain loans, orchestrate identity theft, or carry out sophisticated social engineering attacks.
According to researchers, attackers could leverage leaked loan agreements or bank details to manipulate victims into making unauthorized payments or providing further account verification. Furthermore, such personal data often ends up being aggregated and sold on the dark web, amplifying risks for affected individuals and making it harder to protect their privacy.
To minimize the risks associated with such breaches, experts recommend monitoring bank statements and transaction histories for any suspicious activity and immediately reporting irreg
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: