This widely-used instant loan app leaks nearly 30 million files of user data

This widely-used instant loan app leaks nearly 30 million files of user data

I know we have some international users here. And maybe you used this service. So you may want to get some credit monitoring on your account. Be careful out there folks.

Instant loan company FatakPay kept sensitive data on millions of its users exposed on the internet, for an unknown period of time to anyone who knew where to look.

In mid-September 2024, security researchers from Cybernews discovered a misconfigured Amazon AWS S3 bucket containing more than 27 million files filled with sensitive information.

The data found in the bucket includes people’s full names, postal addresses, email addresses, phone numbers, copies of national IDs, loan agreements, account statements, filled-in loan applications, user selfies for verification, PAN (a PIN number issued by the Indian Income Tax Department), Aadhar (a PIN number issued by the Unique Identification Authority of India), and credit score reports.

Posted Using InLeo Alpha