The security research team at Safety Detectives has uncovered another data leak: 2 terabytes of data hosted on an Elastic server. Sister sites Pouringpounds.com and Cashkaro.com, both of which belong to Pouring Pounds Ltd. and serve savvy shoppers in India and the U.K., have provided the dark web with another source of full PII and account access for over 3 million people.

Head of Research Anurag Sen and his team found that the cashback and online shopping deal websites Cashkaro.com and Pouringpounds.com have both exposed key details about their active users:

The leaked Pouringpounds.com database includes data related to PouringPounds users, such as:

Full names
Phone numbers
Email addresses
Login credentials to the platform:
  Username
  Plaintext password
Bank details linked to account from the site:
  Email
  Name of account holder
  Bank name
  Account number
  Sort code (routing numbers)
Emails from Pouringpounds to their users
IP addresses

As well as data related to Cashkaro.com's users, including:

Full names
Phone numbers
Email addresses
Login credentials to the platform:
  Username
  Plaintext password
Bank details linked to account from the site:
  Account holder name
  Bank name
  Branch
  Account number
  IFSC code
  Bank account related password (we cannot be certain what it is used for, but unencrypted passwords are being linked with the bank details)
Emails from Pouringpounds to their users
IP addresses

The Elastic server was publicly exposed with no password protection. By looking at a particular port, anyone could easily find it and take advantage of the whole database. From what we are able to see, it had been exposed since August 9, 2019.

On PouringPounds.com, a website with over 1,000,000 users, the usernames and plain-text passwords were exposed. An attacker could simply take over the complete account, as well as the wallet details provided by the website.

For CashKaro.com, a website with over 2 million registered users, the researchers found plain-text passwords and account information. They also found account logs containing bank account details, along with links to said accounts; this is information used during the checkout process.

Source: Safety Detectives
