- Security Researcher Discovers Large, Insecure Online Database Belonging to Willow Pays
- The database contained a lot of sensitive customer information
- It is now locked, but users should remain cautious
Bill payment platform Willow Pays kept a huge database full of sensitive, unprotected customer information online, available to anyone who knew where to look, an expert has claimed.
Researcher Jeremiah Fowler, known for tracking down misconfigured and non-password-protected databases on the Internet, revealed that he recently discovered a database containing more than 240,000 records.
“There were records in the database showing invoices, mailing lists, account inconsistencies, repayment schedules, screenshots, settings and snapshots,” he said. “In a limited sample of exposed documents, I saw records containing names, email addresses, credit limits and other internal information. A single spreadsheet contained the details of 56,864 people, indicating whether they were leads, active customers or blocked accounts.”
Missing details
Soon after, Fowler was able to attribute the database to Willow Pays, a financial service that helps users manage their bills by paying them upfront. The service allows users to repay the amount in four interest-free installments, making it easier to manage expenses. This service also supports credit building by ensuring timely repayments.
Fowler contacted Willow Pays, which locked the database shortly after. However, the company did not respond to his emails and did not clarify whether it managed the database in-house or whether the work was outsourced to a third party. Additionally, we don’t know how long the database was unlocked, or whether malicious actors accessed it before Fowler.
Misconfigured databases remain one of the most common causes of data leaks and spills on the Internet. Many security researchers warn that companies don’t properly understand the shared security model of most cloud providers these days and are wrongly placing too much trust in them, instead of protecting their assets themselves.
Via Planet Website