Referreport
Address, number of children and current loan installments: All of this data from customers of the online comparison portals Verivox and Check24 was openly visible until recently. The reason for this was an enormous data leak.
The comparison portals Verivox and Check24 are in the spotlight because of serious data leaks: Until recently, customers’ sensitive personal data was easily accessible. The security deficiencies occurred in the area of credit brokering and could affect millions of people. The portal, among others, reported on this Corrective earlier this week.
Among other things, information such as name and address, income, number of children or employment relationship could be viewed. The Chaos Computer Club (CCC) pointed out the vulnerability after an anonymous IT specialist discovered the vulnerability. Both companies have reported the incidents at the request of Corrective confirmed and stated that they had immediately corrected the security deficiencies. Both providers ruled out unauthorized access to their users’ data.
Data leak at Verivox and Check24 – CCC fears millions will be affected
The incidents raise questions about data security at major providers and alarm experts because the extent of the information disclosed poses a risk of misuse. A spokesman for the CCC called the case a “super-meltdown” and called for increased review of security measures at comparison portals such as Check24. However, so far there is no evidence that data was distributed on the Internet or used criminally.
What is particularly worrying is that complete data sets containing users’ sensitive financial information were practically openly accessible with just a few simple measures, says CCC spokesman Matthias Marx: “Everyone could see where I live, how many children I have, where I work, what I earn, and how much money I currently spend on loans.”
Also interesting:
- Backup software in the test: Only a few are good
- Federal Office warns: Outdated Fritz!Box models increase the risk of malware
- Privacy and data protection issues? European Court of Justice with important personal decision
- “Realistic attack scenario”: Hacker uncovers massive security gap in “E-Perso”.
Source: German