Skip to content

Forex broker accidentally leaks millions of customer records

Forex broker accidentally leaks millions of customer records

White hat hackers have unveiled a major leak of customer data by online forex broker FBS Markets. This includes millions of confidential records, including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more.

Details of the security breach, which has since been rectified after the broker was alerted, were revealed by Chase Williams, a white hat hacker and website security expert, on the website WizCase. At this stage it is not clear whether any of the leaked data has been used for fraudulent purposes by bad actors.

Leak uncovered as part of ongoing probe into server security

The data leak was uncovered as part of an ongoing WizCase research project that scans for unsecured servers, and seeks to establish who the owners of those servers are. WizCase notified FBS of the issue.

Williams said that FBS left a server containing almost 20 TB of data and over 16bn records exposed. Despite containing very sensitive financial data, the server was left open without any password protection of encryption. WizCase’s team said the FBS information “was accessible to anyone.”

“The breach is a danger to both FBS and its customers,” WizCase said. “User information on online trading platforms should be well secured to prevent similar data leaks.”

The Armchair Trader reached out to FBS for comment. The broker said:

“The protection of our clients’ privacy is one of the core values of FBS, and we stick to the highest protection standards. FBS has never had such major accidents. In October 2020 we faced an overheating on the server which affected our logs recording. During the time when we were setting up a new ElasticSearch server, several wrong subnet masks were added accidentally, which led to the possibility to access the server for a very limited number of people only, in a certain part of the world.”

FBS added that it had carried out a technical audit and that to its knowledge no data had been downloaded. It has contacted the clients affected and whose data might have been compromised and advised them on what to do. If you are a client of FBS Markets and are concerned about the data breach, you are encouraged to contact your client liaison at FBS as soon as possible.


FBS has also shifted to a more encrypted VPN and has installed an intrusion detection system. New rules for working with the forex broker’s infrastructure have been applied and other security measures have also been implemented.

What can stolen data be used for?

WizCase said the data uncovered could be used for a variety of purposes by bad actors, including accessing other trading and investment platforms and impersonating the owner of the account. Leaked contact information can also be used to launch scam, phishing and malware attacks against FBS users. The data could be used as the basis for establishing trust in order to encourage clicks, malware downloads and the availing of more confidential information.

The data could also be leveraged for less sophisticated crimes, including blackmail, burglary and business espionage. It could also be used to take over accounts, especially if a trader uses the same password and ID across multiple forex trading accounts.

Share this article

Invest with these platforms

Hargreaves Lansdown

IG

Interactive Brokers

Interactive Investor

Charles Stanley

IG

Interactive Brokers

Charles Stanley

Looking for great investing ideas? Get our free newsletter.
Join our UK news channel on WhatsApp

This article does not constitute investment advice.  Do your own research or consult a professional advisor.

Learn with our free 'How to' Guides

Our latest in-depth company reports

On the podcast

Sign up for great investing stock tips

Thanks to our Site Partners

Our partners are established, regulated businesses and we are grateful for their support.

Aquis
CME Group
FP Markets
Pepperstone
Admiral Markets

TMX
WisdomTree
ARK
FxPro
CMC Markets
Back To Top