skip to Main Content

Free Newsletter: Actionable insight every morning for the self-directed investor. Find out more

Join

White hat hackers have unveiled a major leak of customer data by online forex broker FBS Markets. This includes millions of confidential records, including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more.

Details of the security breach, which has since been rectified after the broker was alerted, were revealed by Chase Williams, a white hat hacker and website security expert, on the website WizCase. At this stage it is not clear whether any of the leaked data has been used for fraudulent purposes by bad actors.

Leak uncovered as part of ongoing probe into server security

The data leak was uncovered as part of an ongoing WizCase research project that scans for unsecured servers, and seeks to establish who the owners of those servers are. WizCase notified FBS of the issue.

Williams said that FBS left a server containing almost 20 TB of data and over 16bn records exposed. Despite containing very sensitive financial data, the server was left open without any password protection of encryption. WizCase’s team said the FBS information “was accessible to anyone.”

“The breach is a danger to both FBS and its customers,” WizCase said. “User information on online trading platforms should be well secured to prevent similar data leaks.”

The Armchair Trader reached out to FBS for comment. The broker said:

“The protection of our clients’ privacy is one of the core values of FBS, and we stick to the highest protection standards. FBS has never had such major accidents. In October 2020 we faced an overheating on the server which affected our logs recording. During the time when we were setting up a new ElasticSearch server, several wrong subnet masks were added accidentally, which led to the possibility to access the server for a very limited number of people only, in a certain part of the world.”

FBS added that it had carried out a technical audit and that to its knowledge no data had been downloaded. It has contacted the clients affected and whose data might have been compromised and advised them on what to do. If you are a client of FBS Markets and are concerned about the data breach, you are encouraged to contact your client liaison at FBS as soon as possible.


FBS has also shifted to a more encrypted VPN and has installed an intrusion detection system. New rules for working with the forex broker’s infrastructure have been applied and other security measures have also been implemented.

What can stolen data be used for?

WizCase said the data uncovered could be used for a variety of purposes by bad actors, including accessing other trading and investment platforms and impersonating the owner of the account. Leaked contact information can also be used to launch scam, phishing and malware attacks against FBS users. The data could be used as the basis for establishing trust in order to encourage clicks, malware downloads and the availing of more confidential information.

The data could also be leveraged for less sophisticated crimes, including blackmail, burglary and business espionage. It could also be used to take over accounts, especially if a trader uses the same password and ID across multiple forex trading accounts.

Related

Become a better investor with SharePad Designed to give you the confidence to pick your own investments, Sharepad gives you access to a wealth of information on UK, US & European stocks. Find out more

Please note this article does not constitute investment advice. Investors are encouraged to do their own research beforehand or consult a professional advisor.

Stuart Fieldhouse

Stuart Fieldhouse

Stuart Fieldhouse has spent 25 years in journalism and marketing, including as a wealth management editor for the Financial Times group, covering capital markets and international private banking, and as an investment banking correspondent for Euromoney in Hong Kong. He was the founder editor of The Hedge Fund Journal.

Stuart has worked at CMC Markets, supporting the re-launch of its global financial spread betting and CFD trading platforms. He is also the author of two books on trading, published by Financial Times Pearson. Based in The Armchair Trader’s London office, Stuart continues to advise fund managers, private banks, family offices and other financial institutions.

Stocks in Focus

Here are some of the smaller companies we are following most closely. They all represent significant growth stories in our view. Our in-depth reports go into more detail on why we like them.

Comments

This Post Has One Comment

  1. So did they get a fine? Probably not and if they did it would be so small as not to matter and so it goes on. No incentive to have the security in place that should have been there in the first place. We know this because they always tell us after what they have done to improve and the reality is it should always have been there!

Comments are closed.


Back To Top