Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mexican Tax Refund Site Left 400GB of Sensitive Customer Info Wide Open (theregister.co.uk)

Posted by msmash on from the security-woes dept.

Mexican VAT refund site MoneyBack exposed sensitive customer information online as a result of a misconfigured database. From a report: A CouchDB database featuring half a million customers' passport details, credit card numbers, travel tickets and more was left publicly accessible, security firm Kromtech reports. More than 400GB of sensitive information could be either downloaded or viewed because of a lack of access controls before the system was recently secured.

18 comments

  1. Pay for the Wall by sls1j · · Score: 2

    I guess Mexico will be paying for the wall after all.

    1. Re:Pay for the Wall by halivar · · Score: 2

      You mean a FIREwall... am I right? Am I right? You get it? Just wondering: did we get rid of downvotes? I sure hope so.

  2. This is why we need a wall. by Anonymous Coward · · Score: 1

    Dirty Mexican companies like MoneyBack just leave their customer data exposed to everyone, so anyone can download it! Good wholesome American companies like Equifax would never do something that dumb.

  3. Question: by lq_x_pl · · Score: 2, Funny

    When did equifax open up its Mexico office?

    --
    An internal system operation returned the error "The operation completed successfully.".
  4. Document Databases by datavirtue · · Score: 2

    An unsecured ("misconfigured") document database left publicly accessible? I'm shocked!

    The "misconfiguration" of these datumbase are the default.

    --
    I object to power without constructive purpose. --Spock
    1. Re:Document Databases by toejam13 · · Score: 2

      It'll continue to happen as long as nobody important goes to jail for the breaches.

  5. False flag by Anonymous Coward · · Score: 0

    The US Government wants everyone to be AFRAID of their identity..

    Then they can get a law where everyone has to have a national ID - with a picture, pass code and thumb print - to do anything.

    And then they can track EVERYTHING we do.

    Deep state? Nope.

    Deep laziness? Yep. Suck it: FBI. NSA, DEA, IRS, ATF, and, others ....

  6. I'm honestly frustrated... by ckatko · · Score: 2

    ...I have no idea what to do. Almost every two weeks there's another major breach--that we KNOW of.

    We basically have two choices. Use NOTHING in the modern world--not just websites but anything. Cellphones were hacked. CREDIT TRACKING companies were hacked. Everything. Or, basically just accept you're entire life is online even if you never post anything.

    The third option would be, if we lived in a rational world with a non-inept government, would be to PIN THEIR ASSES TO THE WALL (the companies) until SECURITY becomes such a financial liability that full-time qualified security engineers (with regular 3rd party pentesting) are a business requirement for every medium to large size company. Make that shit LEGAL and the companies will follow.

    But who am I kidding? Congress is a bunch of fucking retards. And the DOJ hasn't been pinning companies asses to the wall since Eric Holder got into Office. And I'm NO Bush fan! But remember when Enron management... WENT TO JAIL? Statistically (google it) prosecution of white collar crimes have dropped >20% AND this is at a time when we had the one of the largest financial collapses in our countries history and NO ONE GOES TO JAIL!? No laws change?! Nothing?!

    1. Re:I'm honestly frustrated... by Anonymous Coward · · Score: 0

      Equifax is too big to fail, even though we have high-availability in our credit reporting agencies.

      See, if we kill Equifax, we're down to two. And if we lose another one, the last agency will get absofuckinglutely slammed with the full load, and crap out.

      So you see, we must not only keep Equifax around, we should reward them.

    2. Re:I'm honestly frustrated... by Anonymous Coward · · Score: 0

      Congress is a bunch of fucking retards.

      No, congress is elected by a bunch of fucking retards! Nobody can make democracy look worse than the voters who keep reelecting these assholes.

      And nobody cares what happens the Enron's middle management. So what if they have to throw one or two under the bus. The boys on top are still on top.

  7. With Mexican bureaucracy by Anonymous Coward · · Score: 0

    400GB covers about 8 or 9 customers... Oh lordy! If you all only knew how many pages of crap you have to fill out...

  8. And once again...another ironic breach by Anonymous Coward · · Score: 0

    Justin time for the end of DACA.

  9. This begs the question. by Anonymous Coward · · Score: 0

    Since when does any Mesican pay taxes?

  10. "Hey guys!" by Anonymous Coward · · Score: 0

    "Nobody will care because we're not Equifax!"

  11. DACA by Anonymous Coward · · Score: 0

    DACA...is CACA

  12. Re: "...these datumbase..." by slashrio · · Score: 1

    funny :)

    --
    "Trump!!", the new Godwin.
  13. Is it me, or... by Shoten · · Score: 1

    ...does "Mexican tax refund" sound like a euphemism for something not at all related to taxes?

    --

    For your security, this post has been encrypted with ROT-13, twice.