An open database is the basis of a data leak resulting in the exposure of 425GB in important documents belonging to financial institutions.
vpnMentor researchers led by Noam Rotem said on Tuesday that the database seems to be linked to MCA Wizard, an obsolete app that seems to have been developed by Advantage Capital Funding and Argus Capital Funding.
The iOS/Android application was developed as a Merchant Cash Advance (MCA) instrument, used to deliver industries with short-term loans based on their upcoming credit card-based sales. The app is no longer available on official app stores.
The team is reported to have said the database was exposed through vpnMentor’s web mapping project. First exposed in December 2019, the Amazon Web Services (AWS) S3 bucket was not using any form of encryption, verification or access IDs, a situation which has become ever more common as many businesses move to cloud services.
The researchers say the database contained references to MCA Wizard, but several files did not seem to have any right connection to the mobile application.
As an alternative, the company discovered over 500,000 “highly sensitive” documents, including private legal and financial files, that initiated from Advantage and Argus.
All told, 425GB was contained in the database at the time of finding, with files still vigorously being uploaded to the bucket as the team led their probe.