Had criminal hackers discovered this database, there would have been dire consequences for all involved.
For instance:
As such, we will refer to them as a pair throughout this report.
What is an MCA?
Some providers charge 10-15% interest.
But rare are these times.
Most often, we need days of investigation before we understand whats at stake or whos leaking the data.
Understanding a breach and its potential impact takes careful attention and time.
We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.
Some affected parties deny the facts, disregarding our research, or playing down its impact.
So, we need to be thorough andmake sure everything we find is correct and accurate.
In this case, we discovered the breached database on Amazon Web Services (AWS) in December 2019.
However, the purpose and ownership of the database were not initially apparent.
In fact,from the beginning of our research, a lot was unclear about this discovery.
While the databases URL contained MCA Wizard, most files had no relation to the app.
Instead, they originated from both Advantage and Argus.
However, there is no clear connection between MCA Wizard and the two companies that own it anywhere online.
Eventually, we contacted AWS directly, and the breach was closed shortly after.
The following examples demonstrate the wide range of this leak.
Both would result in considerable loss of clients, contracts, business relationships, and ultimately, revenue.
Advantage and Argus will have to consider how they will comply with the law to mitigate any further investigations.
However, the potential problems go much further for the people doing business with both companies.
To learn about data vulnerabilities in general,read ourcomplete guide to online privacy.
Each of these weak spots is then thoroughly analyzed for possible data leakage.
If possible, we will also inform any other party affected by the breach.
Our team was able to access this database because it was completely unsecured and unencrypted.
The purpose of this web mapping project is to help make the internet safer for all users.
As ethical hackers,were obliged to inform a company when we discover flaws in their online security.
These ethics also mean we carry a responsibility to the public.
Advantage and Argus customers and clients must be aware of a data breach that impacts them too.
We also never sell, store, or expose any information we encounter during our security research.
Our ethical security research team has discovered and disclosed some of the most impactful data leaks in recent years.
[Publication date: 19.02.2020]
just, comment on how to improve this article.
