Data Security

Third-party misconfiguration exposes Latin American banking clients’ data


Cybernews reports that almost 135,000 individuals served by seven Central and South American financial organizations, most of whom are in the Dominican Republic, had their personal and financial details exposed by unsecured Azure Blob Storage buckets belonging to Uruguay-based digital banking platform Bankingly.

Misconfigurations leaked the full names, emails, personal and work phone numbers, and financial application usernames belonging to clients of Dominican Republic's Asociacion La Nacional de Ahorros y Prestamos, Mexico's Caja Mitras and Caja Buenos Aires, Bolivia's La Cooperativa de Ahorro y Credito Abierta "San Martín de Porres," Costa Rica's Credecoop, Ecuador's Coac Puellaro, and El Salvador's AMC. Bankingly has since moved to secure the exposed buckets. Despite the limited nature of the leaked data, such information could still be leveraged by threat actors to conduct advanced phishing and credential stuffing attacks, according to Cybernews researchers, who also cited the incident to emphasize the security risks posed by third-party service providers.
