Subj : Popular online bill paying site leaks data of thousands of users To : All From : TechnologyDaily Date : Thu Jan 16 2025 18:00:05 Popular online bill paying site leaks data of thousands of users Date: Thu, 16 Jan 2025 17:45:00 +0000 Description: The database is now locked down, but users still still be on their guard. FULL STORY ======================================================================Security researcher finds large unsecured online database belonging to Willow Pays The database contained plenty of sensitive customer information It is now locked down, but users should still be cautious Bill payment platform Willow Pays kept a huge database full of sensitive customer information unprotected online available to anyone who knew where to look, an expert has claimed. Researcher Jeremiah Fowler, known for hunting down misconfigured and non-password-protected databases on the internet, revealed he recently discovered a database containing more than 240,000 records. There were folders inside the database indicating bills, mailing lists, account inconsistencies, repayment schedules, screenshots, settings, and snapshots, he said. In a limited sampling of the exposed documents, I saw records that included names, email addresses, credit limits, and other internal information. One single spreadsheet document contained the details of 56,864 individuals, indicating if they were prospects, active customers, or blocked accounts. Missing details Soon after, Fowler was able to attribute the database to Willow Pays, a financial service which helps users manage their bills by paying them upfront. The service allows users to repay the amount in four interest-free installments, making it easier to handle expenses. This service also supports building credit by ensuring timely repayments. Fowler reached out to Willow Pays, which locked down the database soon after. However, the company did not reply to his emails, and did not say if it manages the database in-house, or if the job was outsourced to a third-party. Furthermore, we dont know for how long the database remained unlocked, or if any malicious actors accessed it before Fowler did. Misconfigured databases remain one of the most common causes of data leaks and spills on the internet. Many security researchers are warning that companies do not properly understand the shared security model of most cloud service providers these days, and that they mistakenly place too much trust on them, instead of protecting their assets themselves. Via Website Planet You might also like PowerSchool hit by cyberattack which saw student and teacher data stolen Here's a list of the best antivirus tools on offer These are the best endpoint protection tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/popular-online-bill-paying-site-leaks-d ata-of-thousands-of-users --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .