Security researchers discovered an Elasticsearch server belonging to Freedom Mobile, Canada’s fourth largest cell network, that contained five million logs of customer data. The data was exposed without a password and includes full credit card numbers, expiration dates and verification numbers stored in plaintext as well as customer names, email addresses, phone numbers, postal addresses, dates of birth, customer types and account numbers. None of the data was encrypted. The logs also include credit checks filed through Equifax and includes details of whether an application was accepted or rejected and why. A spokesperson for the company said about 15,000 customers were affected by this incident.
Trevor Morgan, Product Manager , comforte AG
"Email addresses, usernames and hashed passwords are valuable information if they fall into the wrong hands. "