• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
thousands of borrowers' data exposed from encollect debt collection service

Thousands of Borrowers’ Data Exposed from ENCollect Debt Collection Service

You are here: Home / General Cyber Security News / Thousands of Borrowers’ Data Exposed from ENCollect Debt Collection Service
May 5, 2022

An ElasticSearch server occasion that was remaining open up on the Internet without having a password contained sensitive economic information and facts about financial loans from Indian and African fiscal providers.

The leak, which was found out by scientists from data security firm UpGuard, amounted to 5.8GB and consisted of a full of 1,686,363 documents.

“Those people data involved own details like name, financial loan sum, date of birth, account selection, and additional,” UpGuard mentioned in a report shared with The Hacker Information. “A complete of 48,043 exceptional email addresses were being in the selection, some of which were for the solution administrators, corporate customers, and selection agents assigned to just about every case.”

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The uncovered instance, utilized as information storage for a credit card debt selection platform referred to as ENCollect, was detected on February 16, 2022. The leaky server has considering the fact that been rendered non-available to the public as of February 28 next intervention from the Indian Computer system Crisis Reaction Staff crew (CERT-In).

ENCollect is billed as the “world’s finest collector’s app,” letting assortment brokers to monitor personal loan payments, initiate lawful steps as effectively as offer you approaches for delinquency administration, settlements, and repossession.

ENCollect Debt Collection Service

UpGuard mentioned the financial loans originated from lending expert services these types of as Lendingkart, IndiaLends, Shubh Loans (MyShubhLife), Centrum, Rosabo, and Accion, with the leaked info also incorporating particular details associated with the borrowers.

Also, the dataset encompassed 114,747 mailing addresses, 105,974 phone quantities, and 157,403 personal loan quantities. A subset of these information also exposed additional information this kind of as speak to information of co-candidates, family users, and other individual references.

“Some data contained overdue amounts, the type and duration of the mortgage, and internal notes still left by collection company team regarding financial loan repayments,” UpGuard stated.

Despite the fact that the misconfigured server has been secured, there are generally probabilities that any one with destructive intent may possibly probable use the information to goal buyers as section of frauds or extortion techniques and even masquerade as mortgage collectors to focus on borrowers.

“The digitization of economic products and services supplies a lot of chances for efficiencies in procedures like debt selection, but also generates unanticipated hazards in the supply chain,” the researchers mentioned. “Vendor remedies also generate the risk for multiparty exposures when their details sets are sourced from quite a few customers, as in this scenario.”

Located this post interesting? Comply with THN on Facebook, Twitter  and LinkedIn to examine a lot more exclusive material we post.


Some areas of this report are sourced from:
thehackernews.com

Previous Post: «Cyber Security News South Korea Admitted to NATO Cyber Defense Center
Next Post: WannaCry showed the world how not to write ransomware wannacry showed the world how not to write ransomware»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Italy’s Privacy Watchdog Blocks ChatGPT Amid Privacy Concerns
  • Modular “AlienFox” Toolkit Used to Steal Cloud Service Credentials
  • New Azure Flaw “Super FabriXss” Enables Remote Code Execution Attacks
  • Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability
  • MongoDB CISO: Don’t be afraid to simplify important issues for executives
  • Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam
  • Deep Dive Into 6 Key Steps to Accelerate Your Incident Response
  • Lazarus blamed for 3CX attack as byte-to-byte code match discovered
  • New Cylance Ransomware strain emerges, experts speculate about its notorious members
  • 3CX Supply Chain Attack — Here’s What We Know So Far

Copyright © TheCyberSecurity.News, All Rights Reserved.