Australian artificial intelligence-based dealership finance platform Vroom by YouX, previously known as Drive IQ, had 27,000 records with sensitive information exposed by an unprotected Amazon AWS S3 bucket, which has since been secured by the company, Hackread reports.
Included in the leaked data trove were individuals' driver's licenses, medical records, bank account numbers, and partial credit card numbers, as well as employment statements collected by the fintech firm since 2022, according to an analysis by cybersecurity researcher Jeremiah Fowler published on Website Planet. Also discovered within the exposed bucket was a screenshot of information from a separate MongoDB storage instance with 3.2 million files. While additional details regarding the possible exploitation of the leaked data remains uncertain, such information could be leveraged by threat actors to establish an attack vector or backdoor into targeted networks, said Fowler, who urged fintech firms to adopt end-to-end encryption, multi-factor authentication, and more robust security controls to avert potential compromise.
