Blog | G5 Cyber Security

Real-Time Location of Millions Exposed by Mobile Loan Apps

An open ElasticSearch cluster hosted on infrastructure owned by Aliyun Computing Co (also known as Alibaba Cloud) leaked 899 Gb of identity, credit card, banking, device, and real-time GPS location information. Data was added to the publicly-accessible database by over 100 mobile loan-related apps used by Chinese people when applying for loans. The company who owns the ElasticSearch server is not known even though the leaky database is now unreachable after Alibaba took down the exposed server. Some of the leaked records also contained the users’ passwords encrypted using MD5 message-digest algorithm.

Source: https://www.bleepingcomputer.com/news/security/real-time-location-of-millions-exposed-by-mobile-loan-apps/

Exit mobile version