- A database containing whole behavioral and monetary profiles of individuals and companies was left unsecured on-line
- Researchers declare it belongs to a Danish fintech agency
- The agency denies having something to do with the archive
An infinite database, containing tens of millions of extremely delicate info on Swedish residents, was sitting on the open web, out there for anybody who knew the place to look.
Cybernews researchers lately uncovered a misconfigured Elasticsearch server which they described as a “goldmine of enterprise intelligence knowledge”, containing a whole bunch of tens of millions of extremely detailed data belonging to Swedish people and organizations.
It was attributed it to a enterprise intelligence specialist, however the firm denied having something to do with the archive.
Who owns the info?
In complete, the info created an in depth monetary and behavioral profile of each residents, and organizations, in Sweden.
Total, it contained greater than 100 million knowledge data, generated between 2019 and 2024, and unfold throughout 25 indices.
This contained individuals’s names (together with historical past of earlier names), Swedish private identification numbers, dates of delivery, gender, tackle historical past (each domestically and overseas), civil standing, details about deceased people, overseas addresses (for emigrants), debt data, fee remarks, chapter historical past, property possession indicators, revenue tax, exercise and occasion logs, monetary knowledge, and behavioral knowledge.
Cybernews’ researchers attributed the server to Risika, a Danish fintech firm providing real-time credit score evaluation, threat monitoring, and monetary threat intelligence for companies.
Signal as much as the TechRadar Professional e-newsletter to get all the highest information, opinion, options and steering what you are promoting must succeed!
They declare using inside “dwh*” tags, and product-oriented index names “matched the conventions of recognized Risika merchandise”.
Nonetheless, the researchers additionally declare the database was doubtless operated by a downstream third-party, after Risika “legitimately supplied” the info below a business license, “solely to be misconfigured and left uncovered”.
The researchers reached out to Risika, and the database was locked down the next day.
Within the meantime, the corporate replied, stating that it had nothing to do with the archives:
“Our preliminary investigation signifies that the info referenced within the reported leak accommodates info that we don’t personal, retailer, or have entry to by way of our enterprise operations. This means that our programs will not be the supply of this explicit knowledge breach,” the corporate’s spokesperson informed the researchers.
You may also like
- Over 16 billion data leaked in "unimaginable" main knowledge breach – right here's what we all know
- Check out our information to the most effective authenticator app
- We've rounded up the most effective password managers