INSUBCONTINENT EXCLUSIVE:
A mobile app that is no longer in operation has been identified as the source of an exposed database containing close to 500,000 personal
and business financial records.Security researchers at vpnMentor were able to trace the exposed database back to a former Android and iOS
app called MCA Wizard which was jointly developed by Advantage Capital Funding and Argus Capital Funding back in 2018.MCA Wizard was
designed to allow businesses to apply for and manage merchant cash advance (MCA) short-term loans
According to vpnMentor, the app stored a variety of financial documents including bank statements, photocopies of driver's licenses,
credit checks and even tax and social security information.Even though the app has been pulled from both the Google Play Store and Apple App
Store, the data it stored was left unsecured in an AWS S3 storage bucket that remained online and was accessible without a password.In its
was taken down by AWS at the beginning of January
However, the database was taken down more than two weeks after it was first discovered.While the MCA Wizard app is no longer available, the
security researchers did notice that new documents were being added to the database right up until its removal
This suggests that another application or service could have also been using the same S3 storage bucket.If you or your business used MCA
Wizard, it is recommended that you pay careful attention to your bank statements and look out for any unauthorized activity or new accounts
being created.Via The Register
