A few weeks ago, researchers from vpnMentor revealed that they had discovered a breached database containing approximately 500,000 sensitive records stored in 425 gigabytes of data. The records were linked to a merchant cash advance app called MCA Wizard, which provides high-interest, short-term loans and credit advances to small business owners.
Among the records that the research team was able to access were:
- credit reports
- tax returns
- bank statements, scanned copies of bank checks, and access information for bank accounts
- driver’s licenses
- contracts and legal paperwork
- social security information
- purchase orders, receipts, and transaction reports for credit cards and merchant bank accounts
MCA Wizard was apparently developed by Advantage Capital Funding and Argus Capital Funding. vpnMentor researchers found that Advantage and Argus are actually the same entity listed under separate names, though their relationship remains unclear. The exposed documents contained sensitive personal information of employees, contractors, clients, and partners working with the business(es) in some capacity.
The root cause of the problem? An exposed S3 bucket. The researchers found that it was completely open, unencrypted, without even a password protecting its contents from potential bad actors. After discovering the breach, vpnMentor attempted to contact the companies, but received no response. They then contacted AWS, who shut down the S3 bucket.
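The two conditions the researchers describe, open access and no encryption, are both visible in a bucket's configuration. The following is an added example, not code from vpnMentor, AWS, or DivvyCloud: it audits a dict whose keys (`Grants`, `Policy`, `PublicAccessBlock`, `Encryption`) are an assumed layout holding the bodies returned by the S3 GetBucketAcl, GetBucketPolicy, GetPublicAccessBlock, and GetBucketEncryption calls, and the sample buckets are constructed.

```python
import json

PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/" + g for g in ("AllUsers", "AuthenticatedUsers")}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def _is_wildcard(principal):
    """True for "*", {"AWS": "*"} and {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def audit_bucket(cfg):
    """Return a sorted list of finding codes for one bucket's configuration."""
    findings = set()
    pab = cfg.get("PublicAccessBlock") or {}
    if not all(pab.get(flag) for flag in PAB_FLAGS):
        findings.add("public-access-block-incomplete")
    # ACL grants to the global groups are effective unless IgnorePublicAcls is on.
    if not pab.get("IgnorePublicAcls"):
        for grant in cfg.get("Grants", []):
            if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
                findings.add("public-acl-" + grant.get("Permission", "").lower())
    # Simplification: only an unconditioned Allow to a wildcard principal is flagged.
    if cfg.get("Policy") and not pab.get("RestrictPublicBuckets"):
        stmts = json.loads(cfg["Policy"]).get("Statement", [])
        for s in [stmts] if isinstance(stmts, dict) else stmts:
            if (s.get("Effect") == "Allow" and _is_wildcard(s.get("Principal"))
                    and not s.get("Condition")):
                findings.add("public-policy")
    if not (cfg.get("Encryption") or {}).get("Rules"):
        findings.add("no-default-encryption")
    return sorted(findings)

# Constructed sample inputs, not data from the incident.
OPEN_BUCKET = {
    "Grants": [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                "Permission": "READ"}],
    "Policy": json.dumps({"Statement": {"Effect": "Allow", "Principal": {"AWS": "*"},
                                        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}}),
}
LOCKED_BUCKET = {
    "PublicAccessBlock": dict.fromkeys(PAB_FLAGS, True),
    "Grants": OPEN_BUCKET["Grants"],  # stale public grant, neutralised by IgnorePublicAcls
    "Encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
}
if __name__ == "__main__":
    print({name: audit_bucket(cfg) for name, cfg in (("open", OPEN_BUCKET), ("locked", LOCKED_BUCKET))})
```

A bucket with all four Public Access Block flags enabled reports no public findings even if an old public grant is still attached, which is why that setting is checked first.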
Although S3 bucket misconfigurations are frequently cited as the cause of data breaches, protecting such resources is not difficult, particularly when you have the right tools in place.
For example, through API polling and event-driven harvesting, DivvyCloud quickly detects changes that expose your cloud infrastructure to risk and then triggers automated remediation of that risk in real time. To learn more about how our security automation can help you, get in touch with us.