More than 24 million financial files held in a single database were compromised recently. The exposed files came from some of the biggest banks in the US, and the information was put out on the Internet after the database was hacked. The database housed a decade's worth of information on loan and mortgage agreements, tax documents, social security numbers, bank account numbers, names, addresses and more.
Exposed Data Open To Hackers
The compromise was possible because of a lapse in the database's password protection. The database was without a password for about 14 days, making the hack easier. The hitch in the security of the server was pointed out by TechCrunch's Zack Whittaker. Bob Diachenko, a freelance researcher, said:
“These documents contained highly sensitive data. This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, and get loans or credit cards.”
The researcher found the information in an unsecured Elasticsearch cluster. With TechCrunch's aid, Diachenko was able to trace the data to Ascension, a Texas-based data and analytics company. One of Ascension's services is converting writing on paper into computer files, known as OCR. It was these OCR files that were exposed in the leak.
A top counsel at Ascension's parent company, Rocktop Partners, told reporters that the company was working with specialists to assess the situation. It has been discovered that the specialists are from OpticsML, a company based in New York.
Is Blockchain The Answer?
The blockchain has been a source of refuge for fintech and data storage companies seeking to avoid the situation Ascension is in. Basically, with the use of the blockchain, information cannot be hacked because the data will be on several nodes, eliminating a hack from a single node. Blockchain can also control the identities of users who can gain access to data.
According to TechCrunch, some of the banks affected in the leak include CitiFinancial, a closed-up branch of Citigroup, HSBC, Wells Fargo, Capital One and the US Department of Housing and Urban Development. A spokesperson from Citigroup stated that the appropriate law enforcement agencies had been contacted to determine the extent of the damage caused by the leak. The spokesperson also noted that the information had been taken down to prevent public access.
Is Elasticsearch Fast Becoming A Hub for Leaks?
Elasticsearch, the database on which the leaked information was found, is also a database for storing documents. Several companies use Elasticsearch to improve web information indexing, but without their knowing it, this can leave their servers filled with personal information vulnerable. Apart from the financial data leak from the banks, about three other data breaches were found on Elasticsearch in January. They include several calls and texts from Voipo, millions of intern applications from AIESEC, and over a hundred million gambling records from online casinos.
Diachenko also discovered a leak on Elasticsearch two months ago. It was credit card information from Bancolombia, a full-service financial institution. He reported the information he found to the bank and said the data was secured. The person in charge of the data later admitted that there were open ports they were not aware of.