Cybersecurity researcher Jeremiah Fowler discovered a data exposure at Australian fintech Vroom by YouX, exposing 27,000 records, including driver’s licenses, bank statements, and more.

A recent discovery by cybersecurity researcher Jeremiah Fowler has shed light on a sensitive data exposure involving the Australian fintech company Vroom by YouX, formerly known as Drive IQ.

Fowler, reporting to Website Planet, discovered a publicly accessible Amazon S3 bucket containing a staggering 27,000 records. This database, lacking essential security measures like password protection and encryption, held a treasure trove of sensitive personal information, including driver’s licenses, medical records, employment statements, and bank details.

The exposed data was quite alarming, revealing “bank statements that contain account numbers and partial credit card numbers” readily available. Fowler’s findings also pointed towards an internal screenshot indicating the existence of a separate MongoDB storage instance holding 3.2 million documents.

While the accessibility of this additional storage remains unknown, its exposure, Fowler noted, presents “numerous potential risks” allowing cybercriminals to identify internal data storage locations ...