WizCase identifies major security breach leaving 100k+ users compromised.
Posted by: Iain Fraser - Cybersecurity Journalist
https://bit.ly/IainFraserJournalist
A team of ethical cyber researchers led by Ata Hakcil of the WizCase security team has identified a major breach affecting the online database of Colombian real estate development firm Coninsa Ramon. The breach exposed clients’ names, photos, addresses, and more. Our team estimated that the breach affected over a hundred thousand people. No password or login credentials were needed to view this information, and the data was not encrypted.
Coninsa Ramon is a major real estate development firm in Colombia. The company specializes in architecture, engineering, construction, and real estate services and serves both individuals and companies in various sectors in Colombia, including housing, commerce, industry, institutional, and infrastructure. The breach was caused by the misconfiguration of an AWS S3 bucket that contained over 5.5 million files, totalling over 1TB of data. We reached out to the company but have not received a reply so far.
The misconfigured bucket exposed data from the company, as well as personally identifiable information (PII) from an estimated 100,000-plus customers. Most of those customers were individuals, but some were companies. The data found in the bucket was mostly invoices, but it also contained income documents, quotes, account statements, and readjustment documents. All the documents were dated between 2014 and 2021.
These documents exposed customer information such as full names, phone numbers, emails, home addresses, amounts paid for estates, and asset values. The misconfigured bucket also contained a database backup that exposed additional details such as profile pictures, usernames, and hashed passwords. However, it does not appear that any credit card or bank information was exposed.
About WizCase
The WizCase Cybersecurity Research Team aims to investigate and uncover the latest threats on the internet. The global research team uses ethical hacking methods to shine a light on data breaches, privacy leaks, and security flaws within online communities and organizations.