All your consumer loans and personal data “in one place” ...

    We continue the marathon of leaks from Russian databases left by their owners in the public domain.



    This time, a MongoDB database was found that does not require authentication, with personal data and photos of borrowers from the Southern, Ural and Volga federal districts and all their loan applications.


    Дисклеймер: вся информация ниже публикуется исключительно в образовательных целях. Автор не получал доступа к персональным данным третьих лиц и компаний. Скриншоты взяты либо из открытых источников, либо были предоставлены автору доброжелателями.

    The database, about 158 ​​GB in size, contained 74 collections and, according to the BinaryEdge search engine ( I wrote a separate article about how Elasticsearch and MongoDB open databases are discovered), was freely available for at least 11 days.



    By indirect indications, an assumption was made regarding a possible owner of the database: all (5042) users from the users collection had email addresses on @ poslogic.pro and @ finservice.pro domains and, moreover, the database IP address differed only by 1 from the IP website addresses www.finservice.pro .


    On the website www.finservice.pro it is written:


    Finservice has been operating since 2012 and is a leading independent financial broker in the field of POS lending in the Russian market. At the moment, Finservice is part of a large diversified holding, has more than 200 employees and is actively expanding to all regions of Russia.
    We are the developer and copyright holder of the market leading POS-lending platform - Poslogic. The platform is integrated with all the leading banks in this segment and allows you to optimize the processes associated with the issuance of consumer loans, increase the revenue of trading organizations and satisfy any customer requests.

    Googled what POS lending is (information from www.banki.ru ):


    POS-lending (POS - Point Of Sale) - the direction of the retail business of banks, providing for the issuance of loans for certain goods directly at points of sale. This business is considered highly profitable, but at the same time highly risky. Typically, such loans are distinguished by high interest rates - more than 30%, but at the same time, quick decision-making (up to an hour).

    The company did not respond to my e-mail messages, via Facebook Messenger, or through a public post on Facebook. The mail info@finservice.pro , indicated on the site, does not work at all, it is neglected in social networks. I had to search the site for mail employees and write on it. Of course, no answer came ...


    However, on March 21 at about 5 pm (Moscow time) the database disappeared from public access. I would also like to note that during the observation the database was constantly updated and supplemented with new entries. For example, in one day more than 50 new loan applications appeared in it.


    The database contained:


    • More than 294 thousand borrowers: name, place of birth, date of birth, number of children, number of dependents, mother's maiden name, married or not, education, mobile phone number, landline phone number, email address, registration address, address of the actual place residence, full passport details.


    All borrowers were from the Southern, Ural and Volga Federal Districts (residential addresses).


    • More than 183 thousand data on loans: loan size, loan status, date of issue, bank ID, borrower ID, loan payment schedule, etc.


    • More than 819 thousand scanned documents: document type, file name, link to a JPG file, status, date, etc.


      { 
      "_id" : ObjectId("5c925eb52fc14e00019d1907"), 
      "_type" : "QuestionaryDocumentScan", 
      "doctype" : "pd_agreement", 
      "title" : "Соглашение об обработке персональных данных", 
      "filename" : "1.jpg", 
      "status" : NumberInt(0), 
      "status_text" : "Загружен", 
      "questionary_id" : ObjectId("5c925c8a4624cb000141cfb5"), 
      "sent" : false, 
      "required_resend" : false, 
      "scan" : "5c925eb52fc14e00019d1907.jpg", 
      "updated_at" : ISODate("2019-03-20T15:39:33.591+0000"), 
      "created_at" : ISODate("2019-03-20T15:39:33.591+0000")
      }

    • Over 246 thousand photos of people applying for loans taken from webcams at points of sale in JPG format.




    (faces distorted for the article)


    • More than 5 thousand internal users of the system: name, date of birth, username and hashed password, mobile phone, email addresses on @ poslogic.pro and @ finservice.pro domains .


    • More than 2.5 thousand partners (apparently points of sale of goods for which loans were taken): name, bank details, actual address, legal address, contacts, etc.


    • More than 1 thousand loan products: name, bank identifier, commission size, etc.


    • A very small (862) “black list” of borrowers.


    • and a lot of other information containing personal data.

    News about information leaks and insiders can always be found on my Telegram channel “ Information leaks ”.


    Also popular now: