[BreachExchange] Colombian Real Estate Agency Leak Exposes Records of Over 100, 000 Buyers

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Thu Sep 23 08:43:32 EDT 2021 

https://thehackernews.com/2021/09/colombian-real-estate-agency-leak.html

More than one terabyte of data containing 5.5 million files has been left
exposed, leaking personal information of over 100,000 customers of a
Colombian real estate firm, according to cybersecurity company WizCase.

The breach was discovered by Ata Hakçıl and his team in a database owned by
Coninsa Ramon H, a company that specializes in architecture, engineering,
construction, and real estate services. "There was no need for a password
or login credentials to see this information, and the data was not
encrypted," the researchers said in an exclusive report shared with The
Hacker News.

The data exposure is the result of a misconfigured Amazon Web Services
(AWS) Simple Storage Service (S3) bucket, causing sensitive information
such as clients' names, photos, and addresses to be disclosed. The details
stored in the bucket range from invoices and income documents to quotes and
account statements dating between 2014 and 2021. The complete list of
information contained in the documents is as follows -

   - Full names
   - Phone numbers
   - Email addresses
   - Residential addresses
   - Amounts paid for estates, and
   - Asset values

In addition, the bucket is also said to contain a database backup that
includes additional information such as profile pictures, usernames, and
hashed passwords. Troublingly, the researchers said they also found
malicious, backdoor code in the bucket that could be exploited to gain
persistent access to the website and redirect unsuspecting visitors to
fraudulent pages.

It's not immediately clear if these files were put to use by bad actors in
any campaign. Coninsa Ramon H did not respond to inquiries from The Hacker
News sent via email regarding the vulnerability.

"Based on viewing a sample of the documents, […] the misconfiguration
revealed $140 to $200 billion in transactions, or an annual transaction
history of at least $46 billion," the researchers said. "For perspective,
that's roughly 14% of Colombia's total economy."

The highly confidential nature of the data contained within the database
makes it highly susceptible to exploitation by cybercriminals to mount
phishing attacks and conduct a variety of fraud or scam activities,
including tricking users into making additional payments and worse, reveal
more personally identifiable information by tampering with the website's
backend infrastructure.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210923/63f785e8/attachment.html>

More information about the BreachExchange mailing list