U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Expert discovered online data belonging to the trading firm AMP

Security expert Chris Vickery reported a data breach at online trading firm AMP that exposed customer credit reports, and Social Security numbers. The popular security expert Chris Vickery has discovered a new data breach that affected the AMP online trading firm that exposed thousands of files, including credit reports, passport scans, and customer chat logs. This specific […]

Expert discovered online data belonging to the trading firm AMP

Security expert Chris Vickery reported a data breach at online trading firm AMP that exposed customer credit reports, and Social Security numbers.

The popular security expert Chris Vickery has discovered a new data breach that affected the AMP online trading firm that exposed thousands of files, including credit reports, passport scans, and customer chat logs. This specific incident is notable for the amount of money that passes through AMP’s systems.

“I’ve come across several finance-related data breaches within the past few weeks, most recently involving the AMP Futures trading platform.” wrote the expert in a blog post.

“While the exact nature of the leak is nothing new, a third-party IT vendor’s unsecured rsync backup device, the amount of money involved is on the large side. The files indicate that AMP has over $50 million on the books and additionally include the private details of over 10,000 account applicants.”

AMP data leak

The data leak discovered by Vickery was caused by a misconfigured backup device managed by a third-party IT vendor, it was now fixed. Such kind of incidents are unfortunately very common, Vickery has discovered similar data leaks online.

AMP is a Chicago-firm based firm that operates many platforms for online futures trading.

Vickery discovered a  70GB dump exposed on the web containing roughly 97,000 files.

“The portion I downloaded comes to about 70 gigs and represents 97,000 different files. It includes credit reports, passport scans, internal company emails, customer chat logs, and basically everything an identity thief would need in order to mount a serious campaign.” Vickery added. “I was surprised at the number of plaintext customer passwords discussed in the chat logs (by staff and customers alike).” 

Vickery explained that AMP representatives were surprised when he reported the data leak.

“The head honcho over at AMP was surprised when I fully explained the situation to him over a phone call. He rightly wondered what AMP was paying its third-party IT company for. If a third party, which specializes in IT, can’t catch this kind of leakage themselves, there is some serious improvement to be done.” Vickery explained.

“AMP’s CEO was relieved to hear that I wasn’t trying to sell him anything or attempting any sort of blackmail or extortion, and I’m thankful he understood that I merely discovered the unsecured data rather than causing it to become unsecured. That’s a distinction many people fail to grasp, especially when their company is potentially in the hot seat.”

Chris Vickery discovered many other clamorous cases of open database exposed on the Internet.

In December 2015 the security expert discovered 191 million records belonging to US voters online, in April 2016 he also discovered a 132 GB MongoDB database open online and containing 93.4 million Mexican voter records.

In March 2016, Chris Vickery has discovered online the database of the Kinoptic iOS app, which was abandoned by developers, with details of over 198,000 users.

In January 2017, the expert discovered online an open Rsync server hosting the personal details for at least 200,000 IndyCar racing fans.

A few days ago, Vickery’s disclosed a massive data breach at a U.S.-based data warehouse, Schoolzilla, which held personal information on more than a million American students (K-12).

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Data Leak, AMP)

[adrotate banner=”13″]