Unfortunately, a few months after it managed to secure the server, another server leaked similar data.
But such cases are rare.
Some affected parties deny the facts, disregard our research, or play down its impact.
So we need to be thorough and make sure everything we find is correct and accurate.
In this case, the owner of the database was not initially clear.
BankSight never got back to us, but we saw the server closed on June 30.
BankSight responded on September 10, 2020 and the server was closed on September 11, 2020.
Therefore, we cannot guarantee its absolute security."
Based on our discovery, the company had not taken sufficient steps to protect its users' data.
The exposed database was live at the time of our investigation, with new logs being uploaded daily.
While the number of records varied, the combined size of the uploads ranged from 15 to 40 GB every day.
The origin of the data explains the volume being uploaded.
The database was storing records from every business using BankSight’s CRM in one place.
Others were asking for a postponement of loan payments for the same reason.
Hackers rarely get such detailed summaries and insights into an individual’s or small business’s finances.
BankSight could have provided that opportunity, leading to devastating consequences for potentially 100,000s of people.
By not securing its CRM database, BankSight could have made it even easier.
To learn about data vulnerabilities in general, read our complete guide to online privacy.
They examine each weakness for any data being leaked.
Our team was able to access this database because it was completely unsecured and unencrypted.
BankSight was using an Elasticsearch database, which is ordinarily not designed to be accessed directly via a URL.
The purpose of this web mapping project is to help make the internet safer for all users.
Our ethical security research team has discovered and disclosed some of the most impactful data leaks in recent years.
This has included an enormous data leak exposing the data of 10,000s of American energy sector workers.