An exposed instance contained information for a customer relationship management (CRM) system that likely belongs to Goyzer, a real estate property management software maker, the Cybernews research team has discovered.
The data was leaked via a publicly exposed and passwordless MongoDB database, which has since been closed. Businesses employ MongoDB to organize and store large swaths of document-oriented information.
According to our team, the specific database was populated with data about customers from Dubai. The exposed database hosted over 100K links with scanned documents hosted on a Goyzer domain.
CyberNews has reached out to Goyzer for comment but have yet to receive a response before publishing this article.
The team discovered that the now-closed database contained details such as:
- Names
- Emails
- Phone numbers
- Scanned copies of receipts, checks, contracts, and IDs
The team believes that malicious actors could employ this type of data for identity theft, phishing attacks, or even commit financial fraud. The total number of exposed individuals appears to stand at 690,000.
“The compromised documents, including contracts and IDs, amplify the risk of targeted scams and unauthorized access to personal and financial accounts. Companies should always employ robust security measures to safeguard sensitive data and protect individuals from potential harm,” researchers said.
Cybercriminals may try to enhance the precision of their attacks by collating different data points to form a fuller picture of the victim.
Goyzer claims to provide technological solutions for real estate developers, property managers, and brokers.
During this period, another case has garnered attention. Cybersecurity researcher Jeremiah Fowler discovered an unprotected database associated with Estate Wealth Network. The archive, totaling 1.16 terabytes, housed over 1.5 billion records.
The Estate Wealth Network database also included real estate ownership data for celebrities and politicians.
About the author: Vilius Petkauskas, Deputy Editor at CyberNews
Original post at:
https://cybernews.com/security/dubai-real-estate-agency-data-leak/
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Secure Traffic Scanning Feature)