WizCase reported today a major data leak from FBS Forex broker dating back to October 1, 2020. According to WizCase, the leak consisted of an unprotected ElasticSearch server exposed to the Internet. Although the vulnerability was fixed by FBS on October 5, there is no telling who had managed to access the data before it was fixed. Chase Williams from WizCase writes:
For everyone else, this leak teaches us the importance of keeping as much of your information private as possible. Avoid sending sensitive private information to brokers if you can. If you are sharing personally identifiable information with brokers, make sure they are doing everything possible to protect it from unauthorized access.
If you registered with FBS prior to October 5, chances are your sensitive information could have been leaked to unauthorized third-parties. In that case, it is recommended that you change your password and, if you were using the same password as on FBS on other websites, change it there too. If you sent FBS scans of your credit card, you probably need to contact your bank to secure or re-order your card.
For everyone else, this leak teaches us the importance of keeping as much of your information private as possible. Avoid sending sensitive private information to brokers if you can. If you are sharing personally identifiable information with brokers, make sure they are doing everything possible to protect it from unauthorized access.
