HQ/EMEAFind out how we can help your business
More than 128GB of customer data had been exposed to hackers after the popular QR code generator ‘My QR Code’ was revealed to have suffered a data breach incident in its systems. Reports show that the exposed database contained sensitive data of 66,000 customers.
An in-depth analysis of the security breach found that it was due to a misconfiguration that made My QR Code’s servers accessible to the public without authentication. When the company has not discovered the issue, users’ data have continually been added to the exposed database, thus increasing the exposed information to unauthorised entities.
Numerous sensitive data owned by My QR Code customers were compromised.
Researchers noted some of the leaked data included in the My QR Code security breach, which comprised customers’ login credentials, full names, job titles, email addresses, password hashes, phone numbers, URLs to QR codes, home addresses, social media profile URLs, countries of origin, and company website URLs.
The discovery of this issue originated from a routine search for misconfigured cloud databases of cybersecurity researchers via the Shodan OSINT tool. The researchers observed that new user records were added to the exposed database daily, posing heightened risks for unaware customers.
Moreover, as per the researchers’ findings, the My QR Code misconfigured server had been exposed since February 4. Although it was not clear how long it had been exposed before researchers identified the issue.
Security researchers are concerned about this exposure since cybercriminals have always been quick on their feet to look for compromised databases they can steal from and leverage for malicious activities. Some potential risk factors include the data used for identity theft, fraud, or phishing attacks.
While the company has yet to respond to requests for comment, security experts advise My QR Code platform users to stay alert and report any malicious activity that illicitly uses their information. Employing multi-factor authentication on all online accounts is also highly recommended, alongside updating passwords to stronger ones.
