
Credit Fair and Chqbook leak sensitive records due to unprotected databases

  • The databases of both companies were left unencrypted and completely unsecured.
  • Chqbook exposed 67Gb of data due to the unprotected database.

A new security incident involving unprotected databases has come to light. This time, two Indian financial services sites, Credit Fair and Chqbook, have exposed the personal and financial information of their customers.

What’s the matter?

According to researchers Noam Rotem and Ran Locar of vpnMentor, the databases of both companies were left unencrypted and completely unsecured. The discovery was made on July 24, 2019. The exposure put the data of both firms' customers at serious risk.

While Chqbook responded immediately by securing its leaky database, the Credit Fair database remained accessible even after the researchers contacted the company.

What data was exposed for Credit Fair?

The unsecured database associated with Credit Fair leaked a total of 44,000 records. These records included customers' full names, phone numbers, addresses, birth dates, detailed loan information, PAN numbers, IP addresses and session tokens. The exposed records also contained AADHAAR numbers and links to fraud reports.

What data was exposed for Chqbook?

Chqbook exposed 67Gb of data due to the unprotected database. The exposed data included PII such as individuals' full names, phone numbers, addresses, email addresses, credit card numbers, card expiry dates, card types and transaction amounts.

Other data leaked in the incident included user IDs, plain text passwords, session tokens, monthly income, gender, birth date, city name, and employment profile.

The bottom line

Malicious agents and criminals can steal these details to commit identity fraud. They can easily create accounts on different websites for a number of malicious online activities.
