- Researcher found nearly 200,000 personal records exposed
- It appears to belong to an invoicing platform, Invoicely
- This exposes anyone involved to the risk of fraud or identity theft.
A publicly exposed database, left without encryption or password and containing 178,519 files, was discovered by cybersecurity researcher Jeremiah Fowler. In sampling the exposed files, he said he saw personally identifiable information (PII) such as names, addresses, numbers, tax identification number, etc.
By analyzing the records, the researcher hypothesizes that the databases belong to small business invoicing platform, Invoicely – although it is unclear whether the database is owned/managed directly by the company, or if it is managed by a third party.
A major concern when personal information is involved is the threat of identity theft, since criminals will attempt to use your information to take out loans or credit cards. The additional danger with financial details or invoices is that bad actors can reproduce or impersonate customers or business partners using fake invoices or financial transactions.
High risks
The inclusion of financial information such as tax documents presents an opportunity for bad actors to create multiple different attacks, including fraud, social engineering or spear phishing attacks – or even direct criminals to higher value targets in their business transactions.
The researcher also highlights the risk of fraudulent tax returns, with around 6,000 tax returns filed under stolen identities in 2025, creating complicated situations for taxpayers who then have to pick up the pieces.
“My advice to organizations that develop and provide billing and accounting platforms, applications or services is to limit the collection and retention of personal data where possible,” Fowler said.
“Encrypt sensitive information so that it is not human-readable; this way, in the event of data exposure, encryption adds an extra layer of security. While not impossible to decrypt, properly encrypted files remain extremely difficult to access without the correct credentials.”
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
