Thousands of Borrowers' Data Exposed from ENCollect Debt Collection Service
May 05, 2022
An ElasticSearch server instance that was left open on the Internet without a password contained sensitive financial information about loans from Indian and African financial services. The leak, which was discovered by researchers from information security company UpGuard, amounted to 5.8GB and consisted of a total of 1,686,363 records. "Those records included personal information like name, loan amount, date of birth, account number, and more," UpGuard said in a report shared with The Hacker News. "A total of 48,043 unique email addresses were in the collection, some of which were for the product administrators, corporate clients, and collection agents assigned to each case." The exposed instance, used as data storage for a debt collection platform called ENCollect, was detected on February 16, 2022. The leaky server has since been rendered non-accessible to the public as of February 28 following intervention from the Indian Computer Emergency Response Tea...