Kreditech, a consumer finance startup that specializes in lending to “unbanked” consumers with little or no credit rating, is investigating a data breach that came to light after malicious hackers posted thousands of applicants’ personal and financial records online.
Earlier this month, a source pointed KrebsOnSecurity to a Web site reachable only via Tor, a software package that directs Internet traffic through a free, global network of relays. That page, pictured in screen shot to the right, included links to countless documents, scanned passports, drivers licenses, national IDs and credit agreements apparently taken from Kreditech’s servers.
The site announced that a group of hackers calling itself “A4” put the information online after finding “hundreds of gigabytes” of Kreditech’s documents, including what appear to be configuration files from the company’s Intranet and internal servers.
“The company, getting multimillion investments, probably decided to spend them for anything but security of their clients’ data,” the hacker group wrote. “As explain by a member of A4, not that the company’s security is at a low level, it is absent as such.All data to which the group А4 got access will be put online in open access although its curb price is rather considerable.”
Anna Friedrich, head of communications at the Hamburg, Germany-based lender, acknowledged that the company had an “isolated internal security incident” in November 2014, and that Hamburg police are investigating.
Friedrich said Kreditech believes the data was stolen not from customers but only from credit applicants. She added that Kreditech believes the information was leaked from within by someone who worked at the company — although she declined to say whether the suspect was a current or former employee.
“There is no access to any customer data,” Friedrich said. “This incident stemmed from a form on our Web site that was stored data in a caching system that deleted data every few days. What happened was that a subset of application data was affected. We are collaborating with the police, but unfortunately there is no more further information that I have to share. ”
Corey Wells, the 19-year-old security researcher from West Virginia who alerted this author to the compromise, said he discovered the breach after building a crawler to identify and index Web sites on the Tor network.
The hacker group didn’t say how it obtained the documents. Wells said the leaked data includes raw logs from a system that appears to have been running MongoDB, a cross-platform document-oriented database. Those logs include a date and time stamp of Aug. 19. 2014, suggesting the breach may have started seven months ago. Continue reading →