Thursday, June 5 2025

Australian fintech database exposes 27,000 records

Cybersecurity researcher Jeremiah Fowler recently revealed a sensitive data exposure involving the Australian fintech company Vroom by YouX, previously known as Drive IQ.

Fowler, in a report to Website Planet, found an unsecured Amazon S3 bucket with 27,000 records. This database contained sensitive personal information, such as driver’s licenses, medical records, employment statements, and bank details, without any password protection or encryption.

The exposed data is concerning, showing bank statements with account and partial credit card numbers. Fowler also found an internal screenshot of a separate MongoDB instance containing 3.2 million documents.

This screenshot shows a bank statement document that includes account details, transaction activity, and PII of the account holder. Source: websiteplanet.com

Company’s Quick Response:

Fowler quickly reported the vulnerability to Vroom, which immediately limited public access to the database. The company recognized the issue and promised a post-incident review, emphasizing its seriousness.

“We’ve identified and resolved the issue causing this vulnerability, so thank you for bringing it to our attention,” the company stated.

Vroom, which launched in 2022 as Drive IQ, is an AI-based platform that simplifies vehicle financing by connecting customers with lenders. It analyzes customer and vehicle information to deliver pre-approved financing offers. However, the exposed records, which date from 2022 to 2025, raise concerns about the company’s management of sensitive customer data.

The exposed information, such as identity and financial documents, poses serious fraud risks, including social engineering, fake accounts, loan applications, and impersonation, according to Fowler. Partial credit card numbers can also be used to fill in the missing details through cross-referencing or phishing scams.

He suggested that fintech companies adopt stronger security measures, including end-to-end encryption, access controls, multi-factor authentication, and regular security audits. He also supports data minimization policies, recommending that companies “collect and store active data while deleting outdated records.”
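As an added illustration of the access-control and audit recommendations (not code from Fowler's report or from Vroom), the Python check below flags the S3 settings that leave a bucket publicly readable or without default encryption. The report does not describe the bucket's actual settings; the sample configurations are constructed, and the outer dict layout (`PublicAccessBlock`, `Acl`, `Policy`, `Encryption`) is an assumption, while the inner field names follow the S3 API.

```python
import json

PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def _is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": [..., "*"]}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS")
    return principal == "*" or (isinstance(principal, list) and "*" in principal)

def audit_bucket(cfg):
    """Return findings for one bucket config (dict layout is an assumption)."""
    findings = []
    pab = cfg.get("PublicAccessBlock") or {}
    missing = [k for k in PAB_KEYS if not pab.get(k)]
    if missing:
        findings.append("public-access-block-incomplete:" + ",".join(missing))
    # Public ACL grants are honoured unless IgnorePublicAcls is set.
    if not pab.get("IgnorePublicAcls"):
        for grant in (cfg.get("Acl") or {}).get("Grants", []):
            if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
                findings.append("public-acl-grant:" + grant.get("Permission", "?"))
    # Unconditional wildcard Allow is public unless RestrictPublicBuckets is set.
    if not pab.get("RestrictPublicBuckets"):
        stmts = json.loads(cfg.get("Policy") or "{}").get("Statement", [])
        for s in [stmts] if isinstance(stmts, dict) else stmts:
            if (s.get("Effect") == "Allow" and not s.get("Condition")
                    and _is_wildcard(s.get("Principal"))):
                findings.append("public-policy-statement:" + s.get("Sid", "?"))
    rules = (cfg.get("Encryption") or {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault") for r in rules):
        findings.append("no-default-encryption")
    return findings

# Constructed sample configurations (not taken from the incident).
EXPOSED = {
    "PublicAccessBlock": None,
    "Acl": {"Grants": [{"Grantee": {"Type": "Group",
            "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
            "Permission": "READ"}]},
    "Policy": json.dumps({"Statement": [{"Sid": "PublicRead", "Effect": "Allow",
            "Principal": "*", "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*"}]}),
    "Encryption": None}
HARDENED = {"PublicAccessBlock": dict.fromkeys(PAB_KEYS, True),
            "Acl": {"Grants": []}, "Policy": None, "Encryption": {"Rules": [
                {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}
```

`audit_bucket(EXPOSED)` returns four findings and `audit_bucket(HARDENED)` returns none; the same public ACL and policy stop being reported once all four public access block settings are enabled.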
