• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » Forex Server Exposed Customer’s Financial Information

Forex Server Exposed Customer’s Financial Information

2021-03-24 by Michelle Dvorak

Forex Data Leak

Online Trading Platform Financial Data Found on Misconfigured Server

Note: We may earn a commission from products or services when you click on a link and make a purchase.

Data belonging to Forex trading customer was found unprotected on a server that anyone could access. More than 20 terabytes of highly sensitive customer data was exposed on a misconfigured server. Exposed data includes names, government IDs, and bank accounts.

The data came from FBS.com and FBS.eu trading sites.

Customer IDs, as well as both sides of customers’ credit cards, were exposed leaving them open to online scams like identity theft and phishing schemes.

SEE ALSO: 6 Signs of a Romance Scammer

The data resided on an Elasticsearch server and was discovered by security researchers at WizCase. The server was not protected and accessible to anyone who discovered it. The information in the database was not encrypted or password protected.

“The data leak was unearthed as part of WizCase’s ongoing research project that randomly scans for unsecured servers and seeks to establish who are the owners of these servers,’ said WizCase in a post about the leaked customer data.

Forex is a major online trading platform for foreign currency, securities, and commodities trading platform.

The unsecured server contained 20 TB of customer data and over sixteen billion records according to the report. It was discovered in October.

Exposed Customer Data Includes:

The exposed data is extensive.

  • full names
  • email address
  • unencrypted passwords
  • billing addresses
  • phone numbers
  • IP address
  • passport numbers
  • social media accounts
  • User ID verification documents including government ID cards, driver’s licenses, bank account statements, utility bills, and credit cards

Customer login history, loyalty data, and password reset links was also exposed.

Motley Fool Stock Advisor

Scammers Use Stolen Data for Scams

A data leak like this leaves customers open to future online scams and fraud. There is no telling who accessed this treasure trove of customer data before it was discovered by the cyber security researchers.

In February, the US Federal Trade Commission (FTC) released data showing that romance scams account for the costliest type of online fraud. Romance scams have cost consumers over $143 million in losses in the past three years.

Cybercriminals use personally identifiable information (PII) like that found in this Forex trading platform data leak to carry out a variety of online fraud schemes.

Types of Fraud Exposed Customers are Vulnerable to:

  • Identity Theft – Government IDs like drivers licenses along with bank account information is enough information for a fraudster to open up more credit cards, automobile loans, or other lines of credit using the stolen identities and PII.
  • Email phishing schemes – Fraudsters may already have your name and email address. They use this to launch future email phishing scams trying to trick you into downloading a malicious email attachment or send you to a harmful website. These emails and websites try to scam you out of your money. Always use a reliable antivirus app to help detect and intercept fraudulent emails and websites. For only a few dollars a month, you can protect yourself with an app that detects the latest money stealing schemes.
  • Credit Card Theft – The Forex data leak contained information the platform was used to verify the identities of customers. This information can also be used to fraudulently open up consumer credit cards and additional lines of credit.
  • Hacking Online Accounts – People frequently re-use the same email and password for multiple online accounts. Customer passwords were exposed in this data leak. That means if fraudsters have one password and email address, they may be able to use it to log into your other online accounts – like your bank – and transfer your money out. The average consumer has about 200 online accounts making it hard to remember a unique password for each one of them.
  • Use a reliable password app to help you create and store unique and hard-to-guess passwords for each individual online account.

“WizCase discovered the leak on October 1st, 2020 and reached out to FBS on October 2nd. Subsequently, FBS secured the server on October 5th. Nevertheless, reach out to FBS if they have not contacted you about the breach already, says WizCase.

Filed Under: News

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version