The non-password-protected database was discovered by researcher Jeremiah Fowler on May 26.
The Elastic database contained information including Know Your Customer (KYC) PII client information, wallet IDs, usernames, emails, and account and transaction data. Additionally, IP addresses, pathways and ports were discovered, which cyber criminals could exploit to gain access deeper into the network.
Altogether, 2.6 million users and transaction records were exposed.
Once the database was discovered, Fowler followed a “responsible disclosure policy” and reported the discovery. On May 28, the database was closed and restricted from the public.
It remains unclear how long the data was exposed and who may have had access to it.
Jana Small Finance Bank provides loans or credit to individuals, entrepreneurs and small business owners who would not be eligible at larger banks.
“Providing loans and credit is important and a valuable service, but this is a wake up call for any organization who collects and stores user or customer data. There is an even higher standard when it comes to financial data because of the increased risk of fraud or theft,” said Fowler.
It is unclear if Jana Bank has notified the authorities or users.
Article originally published on PrivSec:Report