- RelayPix exposed 5.1 million sensitive insurance files in an unsecured, publicly accessible database
- Documents included personal data, vehicle details and internal company files
- RelayPix restricted access and pledged code updates after the researcher alerted them
RelayPix, a company that streamlines car insurance claims, leaked sensitive customer data on the clear web, including people's telephone numbers and email addresses, an expert has warned.
Security researcher Jeremiah Fowler, known for hunting for misconfigured and unprotected databases, recently found one such instance containing 5.1 million files and shared his findings with Website Planet.
The archive was 10 TB in size and included documents such as power of attorney documents, vehicle registrations, estimates, repair bills and images of damaged vehicles with visible license plates and VIN numbers.
Claim leaks
The data also included insurance documents with names, postal addresses, telephone numbers and email addresses, and registration documents with additional details on vehicles, as well as internal documents with terms, fees and other information that should not be available to the general public.
Fowler's investigation led him to RelayPix, a technology company in Hillside, Illinois, that provides a self-service photo documentation platform to streamline insurance claims, damage assessments and remote inspections. It covers several sectors, including insurance, car navigation and contracts.
RelayPix is a relatively small, private organization that operates with fewer than 25 employees and generates around 5 million dollars in annual revenue. According to some sources, it has handled more than 25,000 claims across the United States and established partnerships with companies such as the relocation of Bluestar companies.
Shortly after Fowler reached out, the company restricted public access to the database and apologized for the incident.
“We have updated policies and our code to solve this problem and will make these changes live later in the evening,” RelayPix told the researcher.
Some details remain unknown: we do not know whether RelayPix operates this archive itself or whether the work is outsourced to a third party. We also do not know how long it was open, or whether threat actors accessed it before it was locked down. At press time, there was no evidence that the files had been stolen or misused in phishing attacks.