
Incident: 60GB of User Data Was Exposed by Australian Trading Company ACY Securities | Heimdal Security


Australian Trading Company Data Breach, 06 June 2022

60GB of User Data Was Exposed by Australian Trading Company ACY Securities

A Representative Declared That the Exposed Server Was an “Insignificant One”

Source: 60GB of User Data Was Exposed by Australian Trading Company ACY Securities | Heimdal Security


This seems to be the second breach from the company. Here is a breach report from the company dated 26/12/2020:
Company Statement: Your Account Security is Our Priority

ACY Securities is an Australian financial derivative trading organization that allows customers to trade Forex (FX) and CFD instruments across shares, indices, precious metals, commodities, and cryptocurrencies.

The event occurred as a result of ACY Securities’ misconfigured database. Worst of all, the data leak held more than 60GB of data that was left in the open with no security authentication.

This means that anyone with a basic understanding of how to discover unprotected databases on search engines such as Shodan could obtain complete access to ACY’s data, which includes logs from February 2020 to the present and is constantly updated with the most recent data.

As seen by Hackread.com, the exposed database hosted the following user data:

  • Full name
  • Postcode
  • Full address
  • Date of birth
  • Name of city
  • Gender details
  • Email address
  • Phone number
  • Hashed password
  • Trading-related information like business details and more.

Upon being alerted by security researcher Anurag Sen, the company rubbished the sensitivity of the matter by labeling the exposed database as “an insignificant one.”

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.
