27,000 records in Australian fintech database were exposed

Research from Jeremiah Fowler has revealed an exposed database containing 27,000 records. The database is associated with Vroom by YouX (formerly Drive IQ), an Australian fintech organization facilitating automotive financing. This was a publicly exposed Amazon S3 database without password protection or encryption.
Additionally, Fowler discovered an internal screenshot showing information about a MongoDB storage instance containing 3.2 million documents. The researcher did not review the MongoDB instance, so it is currently unknown if those records were accessible. Nevertheless, the research emphasizes the potential risks of exposing database names, file storage locations, and systems designed for internal use, as these details could possibly offer malicious actors a backdoor or new attack vector.
The types of data exposed include:
- Driver’s license
- Bank statements (including account numbers and partial credit card numbers)
- Employment statements
- Medicaid cards
At this time, it is unknown if the Vroom by YouX database was accessed by anyone else before Fowler discovered it. Fowler informed the organization of the exposure and received the following response: “We’ve identified and resolved the issue causing this vulnerability so thank you for bringing it to our attention. A post incident review will be conducted shortly so we can determine the communication plan and process improvements required.”