Credit Fair offers customers access to small personal loans.
Our team discoveredvulnerabilities in the websites databasesthat gave access to huge amounts of their customers personal and financial details.
The databases were unencrypted and completely unsecured,creating a huge risk for customers of both companies.
Discovery and Owner Reaction
Our team discovered the leaks on July 24th.
Fortunately, Chqbook closed its leak within 48 hours.
However, as of writing, the Credit Fair leak remains open (July 31st).
We have also contacted both companies to inform them of the data breaches.
Customers will have to pay for frauds, such as taking out a fraudulent loan.
A criminal hacker could change the bank account on a Credit Fair customersaccount to one they own.
While open, theCredit Fair and Chqbooks' databases could have provided a huge amount of valuable datato criminals.
They could also beused to create incredibly specific and convincing phishing emailsto fill in any blanks.
For instance, knowing somebody is under financial pressure, they couldpush high-interest loans with misleading or dubious tactics.
Chqbook record example
Physical Dangers of The Leaks
There are alsophysical threats.
These vulnerabilities arejust two examples of the many dangersfor anybody using online financial instruments or websites.
How and Why We Discovered the Breach
This intrusion was unearthed during aweb mapping endeavorwe conducted.
Our cybersecurity experts utilize port scanning techniques to scrutinize specific IP blocks, probing open vulnerabilities within systems.
Each detected vulnerability is then carefully inspected for any potential data leakage.
Asethical hackers, we are obliged to reach out to websites when we discover security flaws.
We recently discovered a hugedata breach impacting 80 million US households.
We also revealed thatGearbest experienced a massive data breach.
You may also want to read ourVPN Leak ReportandData Privacy Stats Report.
[Publication date: 31.07.2019]
kindly, comment on how to improve this article.
