The open database exposed highly sensitive financial and business documents related to two financial organizations.

Dark Reading Staff, Dark Reading

March 19, 2020

1 Min Read

An unprotected AWS S3 bucket exposed some 425 GB of data, representing approximately 500,000 documents related to MCA Wizard, an iOS and Android app developed by Advantage Capital Funding and Argus Capital Funding. According to vpnMentor researcher Noam Rotem, who led the team of researchers who found the open database, the app appears to be a tool for a Merchant Cash Advance (MCA), which provides relatively small, high-interest business loans typically made to small companies.

In a blog post, Rotem shared examples of the types of document found in the database, many of which seemed to have no relationship to the app itself. Information in the documents included credit reports, bank statements, contracts, legal documents, driver's license copies, purchase orders and receipts, tax returns, Social Security information, and transaction reports.

According to vpnMentor, its researchers tried to contact Advantage and Argus, which may actually be the same company, to inform them of the open bucket. When they were unable to do so, they informed AWS, which shut off access to the database.

For more, read here and here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Beyond Burnout: What Is Cybersecurity Doing to Us?"

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights