Researchers have found a data breach consisting of about 5.5 million exposed files, totalling over 1TB of data. The leaked information has affected more than 100,000 Colombian real estate customers.
According to the statements reported by the researchers, the leaked information was not encrypted. Therefore it does not require any password or login credentials to be able for anyone to access it. They added that the data breach originated from a compromised Amazon Web Services or AWS Simple Storage Service (S3) bucket. The misconfiguration has caused the names, addresses, and photos of many clients to be revealed. In AWS’s S3 bucket, the data stored includes account statements for 2014 to 2021, invoices, income documents, and quotes.
The list of information that can be found in the data breach is the clients’ full names, mobile numbers, residential addresses, email addresses, asset values, and the amount paid for estate purchases.
Furthermore, a database backup of additional details such as profile photos, usernames, and passwords are also included in the database backup. There is also some malicious, backdoor code in the bucket found in the database that the researchers fear to be exposed and used in exploitations such as acquiring website access and redirection of victims towards infected and fraudulent pages.
Because of the lack of response from the affected party, researchers could not confirm if the exposed files had already been used by threat actors in any phishing campaigns.
The researchers have also viewed a sample of the exposed documents. They reported that the compromised data reveals a range of up to $140 to $200 billion in transactions and an annual transaction history reaching over $46 billion. They concluded that the mentioned data is roughly about 14% of the total economy of Colombia.
Because the highly sensitive data stored can easily be accessed in the exposed database file, it could be vulnerable to cyber threats and data exploitation by many threat actors. The exposed data can be used to conduct phishing attacks, fraudulent activities, or scams, such as deceiving victims into paying additional purchases or even tell much more sensitive credentials.
