Researchers from vpnMentor have uncovered a massive database containing over 500,000 highly sensitive and private legal and financial documents, which were stored in an unprotected AWS S3 bucket.
The database appears to be linked to MCA Wizard, an iOS and Android app developed by two companies: Advantage Capital Funding and Argus Capital Funding (which appear to be the same company under two different names). According to researchers, the MCA Wizard app was lauched in 2018 and is no longer available for download.
“MCA” (Merchant Cash Advance), is a type of financial instrument used to provide loans and credit advances to small business owners.
The exposed database totaled 425Gb of data, including credit reports, contracts, bank statements, driver’s licenses, legal paperwork, tax returns, purchase orders, transaction reports for payment cards and merchant accounts, scanned copies of bank checks, social security information, and access information for bank accounts.
Upon discovering the leaked database the researchers attempted to inform the companies about the breach, but were unable to contact them. Eventually, vpnMentor notified AWS directly, and the access to database was removed shortly after.