Unprotected Database of Fin-Tech Company Exposed 240,000 Sensitive Records Online

Alina BÎZGĂ

January 16, 2025


Cybersecurity researcher Jeremiah Fowler has uncovered a non-password-protected database containing over 240,000 records belonging to Willow Pays, a financial technology company specializing in AI-driven bill management solutions.

The database, accessible to the public, housed sensitive customer information, including names, email addresses, phone numbers, credit limits, and other internal data. Some of the exposed folders were also labeled as bills, repayment schedules, mailing lists, or included screenshots.

“One single spreadsheet document contained the details of 56,864 individuals, indicating if they were prospects, active customers, or blocked accounts,” Fowler noted.

Although the database was promptly secured after a responsible disclosure notice, it remains unclear how long the database was publicly accessible, whether it was directly managed by Willow Pays or a third-party contractor, and whether threat actors accessed it before it was secured.

Exposed databases like this one offer criminals opportunities to conduct fraud, identity theft, and social engineering schemes. For instance, knowledge of billing details, account statuses, and payment histories can be weaponized to create convincing phishing attacks and steal sensitive data such as credit card information and account passwords from users.

Steps to Protect Your Identity

If you suspect your information has been compromised or you want to strengthen your cybersecurity posture, consider the following steps:

  1. Monitor your financial accounts: Review your bank statements and credit reports regularly to detect unauthorized activity. Sign up for fraud alert services to identify suspicious transactions.
  2. Change and strengthen your account passwords: Update passwords for any accounts linked to the breached organization. Use strong, unique passwords and enable two-factor authentication (2FA) wherever possible. To streamline password security, use a trustworthy password manager such as Bitdefender SecurePass.
  3. Be wary of phishing: Never share personal or financial information through unsolicited emails or calls. Verify requests through official channels before handing over any information.
  4. Monitor your digital identity: Services like Bitdefender Digital Identity Protection can help you monitor your digital footprint, alert you to data breaches involving your personal information, and guide you in securing exposed personal information.
