
Mexican Tax Refund Site Left 400GB of Sensitive Customer Info Wide Open

Mexican VAT refund site MoneyBack exposed sensitive customer information online as a result of a misconfigured database. From a report: A CouchDB database featuring half a million customers' passport details, credit card numbers, travel tickets and more was left publicly accessible, security firm Kromtech reports. More than 400GB of sensitive information could be either downloaded or viewed because of a lack of access controls before the system was recently secured.
This discussion has been archived. No new comments can be posted.

  • by sls1j ( 580823 ) on Friday September 08, 2017 @02:25PM (#55160681) Homepage
    I guess Mexico will be paying for the wall after all.
    • by halivar ( 535827 )

      You mean a FIREwall... am I right? Am I right? You get it? Just wondering: did we get rid of downvotes? I sure hope so.

  • by Anonymous Coward
    Dirty Mexican companies like MoneyBack just leave their customer data exposed to everyone, so anyone can download it! Good wholesome American companies like Equifax would never do something that dumb.
  • Question: (Score:3, Funny)

    by lq_x_pl ( 822011 ) on Friday September 08, 2017 @02:27PM (#55160691)
    When did Equifax open up its Mexico office?
  • by datavirtue ( 1104259 ) on Friday September 08, 2017 @02:34PM (#55160737)

    An unsecured ("misconfigured") document database left publicly accessible? I'm shocked!

    The "misconfiguration" of these datumbase are the default.

  • by Chris Katko ( 2923353 ) on Friday September 08, 2017 @03:08PM (#55160907)

    ...I have no idea what to do. Almost every two weeks there's another major breach--that we KNOW of.

    We basically have two choices. Use NOTHING in the modern world--not just websites but anything. Cellphones were hacked. CREDIT TRACKING companies were hacked. Everything. Or, basically just accept your entire life is online even if you never post anything.

    The third option, if we lived in a rational world with a non-inept government, would be to PIN THEIR ASSES TO THE WALL (the companies) until SECURITY becomes such a financial liability that full-time qualified security engineers (with regular 3rd party pentesting) are a business requirement for every medium to large size company. Make that shit LEGAL and the companies will follow.

    But who am I kidding? Congress is a bunch of fucking retards. And the DOJ hasn't been pinning companies' asses to the wall since Eric Holder got into Office. And I'm NO Bush fan! But remember when Enron management... WENT TO JAIL? Statistically (google it) prosecution of white collar crimes has dropped >20% AND this is at a time when we had one of the largest financial collapses in our country's history and NO ONE GOES TO JAIL!? No laws change?! Nothing?!

  • ...does "Mexican tax refund" sound like a euphemism for something not at all related to taxes?
