If you or someone you know has used the MCA Wizard App, your personal information has been exposed. Over 500,000 documents have been compromised.
Advantage and Argus have become the latest companies to suffer a data leak. A researcher for vpnMentor discovered the database on an unsecured cloud server. From ZDNet:
On Tuesday, vpnMentor researchers led by Noam Rotem said the database appears to be connected to MCA Wizard, a now-defunct app that appears to have been developed by Advantage Capital Funding and Argus Capital Funding.
The iOS/Android application was developed as a Merchant Cash Advance (MCA) instrument, used to provide businesses with short-term loans based on their future credit card-based sales. The app is no longer available on official app stores.
In a report shared exclusively with ZDNet, the team said the database was discovered through vpnMentor’s web mapping project. First uncovered in December 2019, the Amazon Web Services (AWS) S3 bucket was not using any form of encryption, authentication or access credentials, a situation which has become increasingly common as many companies move to cloud services.
vpnMentor found over 500,000 “highly sensitive” documents, including private legal and financial files, that originated from Advantage and Argus. In total, 425GB was contained in the database at the time of discovery — and files were still actively being uploaded to the bucket as the team conducted their investigation.
Not that it was needed anymore, but this is the latest example of why companies cannot be trusted with sensitive information without governmental oversight. Without enforceable laws protecting people’s personal information, corporations will simply treat personal information as a simple asset that can be bought and sold or otherwise randomly stored somewhere. For those who are into identity theft, this sort of situation is a dream come true because it makes their lives extremely easy.
It’s partly why the move by the Business Council of Canada to lobby the Canadian government to loosen privacy laws is so asinine. It would be the equivalent of looking at the COVID-19 outbreak and trying to lobby the government to reduce spending on healthcare because those fat cat doctors are overpaid as it is. The only reasonable response to such an effort is to look them straight in the eye, point to the door and say, “Get out.”
For those who say, “oh, well, this is a one-off incident”, I encourage you to just peruse the security category on this site. Do you notice a theme with compromised information? This latest example is simply a continuation of a long-running bad joke at this stage.
This month has been eventful with security incidents. First, it was the ClearView AI data breach where their entire client list was stolen. After that, the security incidents involved Koodo, Virgin Media, Carnival Corp., TruFire, and possibly the US Census Bureau. Suffice it to say, things are as interesting as always in this area.
Drew Wilson on Twitter: @icecube85 and Facebook.