An unprotected AWS S3 bucket exposed some 425 GB of data, representing approximately 500,000 documents related to MCA Wizard, an iOS and Android app developed by Advantage Capital Funding and Argus Capital Funding. According to vpnMentor researcher Noam Rotem, who led the team of researchers who found the open database, the app appears to be a tool for a Merchant Cash Advance (MCA), which provides relatively small, high-interest business loans typically made to small companies.
In a blog post, Rotem shared examples of the types of document found in the database, many of which seemed to have no relationship to the app itself. Information in the documents included credit reports, bank statements, contracts, legal documents, driver's license copies, purchase orders and receipts, tax returns, Social Security information, and transaction reports.
According to vpnMentor, its researchers tried to contact Advantage and Argus, which may actually be the same company, to inform them of the open bucket. When they were unable to do so, they informed AWS, which shut off access to the database.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Beyond Burnout: What Is Cybersecurity Doing to Us?"