An unprotected AWS S3 bucket exposed some 425 GB of data, representing approximately 500,000 documents related to MCA Wizard, an iOS and Android app developed by Advantage Capital Funding and Argus Capital Funding. According to vpnMentor researcher Noam Rotem, who led the team of researchers who found the open database, the app appears to be a tool for a Merchant Cash Advance (MCA), which provides relatively small, high-interest business loans typically made to small companies.
In a blog post, Rotem shared examples of the types of document found in the database, many of which seemed to have no relationship to the app itself. Information in the documents included credit reports, bank statements, contracts, legal documents, driver’s license copies, purchase orders and receipts, tax returns, Social Security information, and transaction reports.
According to vpnMentor, its researchers tried to contact Advantage and Argus, which may actually be the same company, to inform them of the open bucket. When they were unable to do so, they informed AWS, which shut off access to the database.
For more, read here and here.
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
The post 500,000 Documents Exposed in Open S3 Bucket Incident appeared first on National Cyber Security.