DataBreaches.Net


Creditseva hacked, personal and sensitive data accessed

Posted on January 5, 2018 by Lee J

Creditseva has been in the headlines before for the wrong reasons, after security researcher Chris Vickery discovered that they had failed to secure an S3 instance, which left tens of thousands of personal details exposed.

Months later, it has come to my attention that Creditseva has now come under attack by various hackers, one of whom has managed to gain access to S3 buckets as well as rooting their server and defacing the website, not just once but twice.

In case you have not heard of them before, Creditseva, according to Wikipedia, is a credit management platform based in India, with offices in Singapore, that was launched in 2014. The service focuses on analyses of credit reports and scores from its users. Creditseva got seed funding from Pix Vine Capital and Infocomm Investments in March 2016.

The breach started just before the end of November 2017 after a user on Raid Forums posted a small dump of information.

Another well known hacker using the Twitter alias Taylor has managed to gain access to Creditseva's main website server and a copy of the S3 bucket credentials. The credentials allowed the hackers to gain access to the S3 buckets that hold the same information that researcher Chris Vickery had discovered months back, and to prove this Taylor has provided cyberwarnews.info with some of the data from the S3 buckets.

The Deface

The first deface, on 2/1/2018, was Taylor editing a very small sentence on the main page; this was restored back to the original shortly after.


At one stage on 2/1/2018 the site was defaced with the following message, only for it to once again be restored back to the original index.

[Image: creditseva]

On 4/1/2018 Taylor again decided to deface the website, but this time it was restored by Creditseva, who put it into maintenance mode and returned a short time later with no announcement of a breach.


The data

Cyberwarnews.info has been given exclusive access to the data obtained by Taylor, which contains personal records, copies of passports and identifications of people seeking the services of Creditseva. The sample of data provided was a 768 MB RAR file that, when expanded, has three folders, each representing one bucket.


The first folder, ‘Creditseva.com_db_backups_2018’, contains 3 further files: 1 compressed file which expands to over nearly 13gb as a raw SQL file that appears to be the main database for Creditseva, and two other SQL-based files for bad loans.

The second folder, ‘Creditseva.com_UserDocumnets_2018’, contains a huge amount of personal information, with 889 folders. Each folder contains a .txt file that holds that individual's personal information, including names, contacts, passports, addresses, financial and other loan-related information. Some of the folders also contain a copy of that individual's passport and identification.


Finally, the last folder, ‘Creditseva.com_website_files_2018’, contains 16 items. One of the files, called ‘mail’, contains thousands of raw emails, mostly server bounce reports, with the exception of a bunch of emails that contain applications and personal information regarding updates to users' accounts.


The two SQL files contain various personal information as well as affiliates, affiliate payouts and commission, requests for credits, and comments and status related to applications. All this information is dated back to 2014/2016. In total, about 78,000 unique emails were discovered in this SQL file.

When visiting the Creditseva website, it appears to not be fully functional and still under maintenance, with all links filled in with # and pages like the contact and about pages inaccessible. When you visit the contact-us page as indexed by Google recently, it shows that it is now returning a 404 Not Found error. It would appear that Creditseva is well aware of the fact they have been breached again and are working with restored data for the time being; if this is not the case, then they might need to speak to their development team to fix their own website's design as well as security.

At time of publishing, Creditseva had been notified of this issue, although they have not acknowledged this. Updates to come when/if they do.
