A recent discovery by cybersecurity researcher Jeremiah Fowler has shed light on a sensitive data exposure involving the Australian fintech company Vroom by YouX, formerly known as Drive IQ.
Fowler, reporting to Website Planet, discovered a publicly accessible Amazon S3 bucket containing a staggering 27,000 records. This database, lacking essential security measures like password protection and encryption, held a treasure trove of sensitive personal information, including driver’s licenses, medical records, employment statements, and bank details.
The exposed data was quite alarming, revealing “bank statements that contain account numbers and partial credit card numbers” readily available. Fowler’s findings also pointed towards an internal screenshot indicating the existence of a separate MongoDB storage instance holding 3.2 million documents.
While the accessibility of this additional storage remains unknown, its exposure, Fowler noted, presents “numerous potential risks” allowing cybercriminals to identify internal data storage locations, and therefore create “an additional attack vector or backdoor deeper into a network.”
Vroom’s Quick Response
Upon discovering the vulnerability, Fowler promptly notified Vroom, which swiftly restricted public access to the database. The company’s response, acknowledging the issue and promising a post-incident review, highlighted the seriousness of the situation.
“We’ve identified and resolved the issue causing this vulnerability, so thank you for bringing it to our attention,” the company stated.
Vroom, launched in 2022 as Drive IQ, is an AI-powered dealership finance platform that streamlines vehicle financing by matching customers with lenders. The platform reviews customer information, credit information, and vehicle details to provide pre-approved finance offers. The exposed records, dating from 2022 to 2025, highlight the company’s handling of highly sensitive customer data.
The exposed information, including identity and financial documents, poses significant risks for fraud, including targeted social engineering, fraudulent accounts, loan applications, and impersonation, Fowler noted. Partial credit card numbers can also be used to complete missing details through cross-referencing or targeted phishing scams.
“I imply no wrongdoing by Vroom, Drive IQ, YouX, or any contractors, affiliates, or related entities,” Fowler writes in their blog post.
He recommended that fintech companies implement stronger and more reliable security measures like end-to-end encryption, access controls, multi-factor authentication, and regular security audits. He also advocates for data minimization policies, urging companies to “collect and store active data while deleting outdated records.”
Affected individuals must monitor their accounts, report suspicious activity, and verify the authenticity of unexpected requests for personal or financial information.
Misconfigured Databases and Ransomware Attacks
Nevertheless, the incident occurred at a time when the fintech industry is facing increasing cybersecurity threats, with an increasing percentage falling victim to ransomware, reveals Sophos research.
It is also worth noting that top cybercrime groups like ShinyHunters and Nemesis have also been spotted exploiting exposed cloud storage services, especially AWS, for their large-scale cyber attacks and data breaches. Therefore, proper configuration and implementing cybersecurity practices are important to protect your online infrastructure. These include:
- Enable Strong Access Controls: Make sure you’re using strong authentication methods like multi-factor authentication (MFA) and role-based access control (RBAC). Limit user permissions to only what’s necessary, and regularly review who has access.
- Automate Security Checks: Use automated tools to scan your cloud configurations regularly. Services like AWS Config, Azure Security Center, or third-party tools can spot vulnerabilities or misconfigurations before they become a problem.
- Encrypt Data Both In Transit and At Rest: Always use encryption to protect your data, whether it’s moving across networks or sitting in storage. This way, even if data is accessed improperly, it’s much harder for attackers to read or misuse it.
- Monitor and Log Activity: Set up comprehensive logging and monitoring to keep track of what’s happening on your cloud servers. Tools like CloudTrail (AWS) or Azure Monitor can alert you to suspicious activity or unauthorized changes.
- Conduct Regular Security Audits and Testing: Don’t just set it and forget it. Regularly audit your configurations and run penetration tests to identify and fix weaknesses. Keep your cloud environments updated with the latest security patches.
