Task Description
Description:
I discovered a publicly accessible PDF file containing sensitive financial and personal information at the following URLs: https://share.alwaysdata.com/IBAN.pdf and https://static.alwaysdata.com/docs/IBAN.pdf
The document exposes Personally Identifiable Information (PII) and sensitive banking details, including the International Bank Account Number (IBAN), Bank Identifier Code (BIC), account holder's name, and address. This information could be exploited for unauthorized transactions, fraud, and privacy violations.
Steps to Reproduce:
1. Navigate to either URL: [https://static.alwaysdata.com/docs/IBAN.pdf] or [https://share.alwaysdata.com/IBAN.pdf]
2. Download the file (IBAN.pdf).
3. Open the file to view the sensitive details.
Impact:
• Financial Risks: An attacker could misuse the exposed banking details for unauthorized transactions or fraudulent activities.
• Privacy Concerns: The document discloses the account holder’s name and address, increasing the risk of phishing or other targeted attacks.
• Legal Compliance: Public exposure of such information may violate data protection regulations, such as the GDPR (General Data Protection Regulation) in the EU.
Mitigation:
1. Immediately remove the file from public access.
2. Audit all publicly accessible files to ensure sensitive information is not exposed.
3. Use preventive measures like robots.txt or noindex tags to prevent indexing by search engines.
4. Review the system to ensure sensitive files are stored securely and not inadvertently exposed.
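Mitigation step 2 (auditing everything the web server publishes) is the part that scales badly by hand. The script below is an added example, not part of the original report or of alwaysdata's tooling: it walks a static web root, extracts text from each file (shelling out to poppler's `pdftotext` for PDFs when it is installed, since PDF text sits inside compressed streams that a raw grep cannot see), and reports only IBAN-shaped strings that pass the ISO 7064 mod-97 check, which keeps false positives down. The directory tree and its contents are constructed for the demo, and the IBANs in it are the published ISO 13616 example values, not real accounts. Note also that robots.txt and noindex (step 3) only discourage search-engine indexing; anyone with the URL can still fetch the file, so the audit and removal steps are the ones that actually close the exposure.

```python
"""Audit a publicly served directory tree for exposed IBANs.

Added example, not from the original report. Paths and file contents
below are constructed; the IBANs are the documented ISO 13616 examples.
"""
import re
import shutil
import subprocess
import tempfile
from pathlib import Path

# Shape of an IBAN: country code, two check digits, then 11..30 alphanumerics,
# optionally printed in blocks of four separated by single spaces.
IBAN_RE = re.compile(r"\b[A-Z]{2}[0-9]{2}(?: ?[A-Z0-9]{4}){3,7}(?: ?[A-Z0-9]{1,3})?\b")


def iban_checksum_ok(iban: str) -> bool:
    """ISO 7064 mod-97 check: move the first four characters to the end,
    map A..Z to 10..35, and the resulting integer must be 1 mod 97."""
    s = iban.replace(" ", "").upper()
    if not (15 <= len(s) <= 34 and s.isalnum()):
        return False
    rearranged = s[4:] + s[:4]
    digits = "".join(str(ord(c) - 55) if c.isalpha() else c for c in rearranged)
    # Incremental remainder, the way a fixed-width implementation would do it.
    remainder = 0
    for d in digits:
        remainder = (remainder * 10 + int(d)) % 97
    return remainder == 1


def find_ibans(text: str) -> list[str]:
    """Distinct, checksum-valid IBANs in text, spaces removed, in order found."""
    found: list[str] = []
    for m in IBAN_RE.finditer(text):
        candidate = m.group(0).replace(" ", "")
        if iban_checksum_ok(candidate) and candidate not in found:
            found.append(candidate)
    return found


def extract_text(path: Path) -> str:
    """Best-effort text extraction. PDFs need a real extractor (poppler's
    pdftotext, assumed to be on PATH if present); everything else is read raw."""
    if path.suffix.lower() == ".pdf" and shutil.which("pdftotext"):
        proc = subprocess.run(["pdftotext", "-layout", str(path), "-"],
                              capture_output=True, text=True, errors="ignore")
        return proc.stdout
    return path.read_bytes().decode("utf-8", errors="ignore")


def audit_tree(root: Path) -> dict[str, list[str]]:
    """Map each file under root (relative path) to the valid IBANs it exposes."""
    findings: dict[str, list[str]] = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        ibans = find_ibans(extract_text(path))
        if ibans:
            findings[str(path.relative_to(root))] = ibans
    return findings


def build_demo_webroot() -> Path:
    """Constructed sample tree standing in for a static web root."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / "docs").mkdir()
    # Valid example IBAN (ISO 13616 documentation value), so it must be reported.
    (root / "docs" / "IBAN.txt").write_text(
        "Account holder: Example Name\nIBAN: GB82 WEST 1234 5698 7654 32\nBIC: EXAMPLEX\n")
    # Same shape but the checksum fails, so it must NOT be reported.
    (root / "docs" / "notes.txt").write_text(
        "Mistyped value, must stay silent: GB82 WEST 1234 5698 7654 33\n")
    (root / "index.html").write_text("<html><body>Welcome</body></html>\n")
    return root


if __name__ == "__main__":
    demo = build_demo_webroot()
    for rel, ibans in audit_tree(demo).items():
        print(f"{rel}: {', '.join(ibans)}")
```

Run it against the real document root instead of the demo tree (`audit_tree(Path("/var/www/html"))`, path assumed) and feed the output into the removal step; extending `extract_text` to handle office documents is the usual next step, since the same leak pattern shows up in spreadsheets and invoices as often as in PDFs.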
Severity: High – This issue involves the public disclosure of sensitive financial and personal information, which could lead to significant harm if exploited.
Suggested Timeline for Fix: Immediate – This issue should be prioritized for resolution to prevent potential abuse.
Hope this will be fixed soon. Do let me know if you need any further assistance.
NOTE: While making this report public, please make sure to mask or remove the sensitive information that is written in the report.
Thanks, Best Regards, Aakarsh Mishra