Massive mortgage and loan data leak gets worse as original documents also exposed
Earlier this week, a security researcher found an unprotected Elasticsearch server that exposed financial data relating to tens of thousands of current and former loan- and mortgage holders in the US. The database contained converted versions of text documents mentioning names, birth dates, address details, social security numbers and other sensitive information. The leaky server was found to belong to the American data and analytics firm Ascension.
The same researcher has since then found a second leaky database, an Amazon S3 server accessible to anyone on the Internet, that contained 23,000 PDF documents. The files were confirmed to be the original documents of the converted files that were exposed in the first data leak.