Billions of Records Belonging to an Online Trading Broker Have Been Leaked

Last updated September 25, 2021
Written by: Bill Toulas, Cybersecurity Journalist

Researchers at WizCase have discovered a massive data leak that belongs to FBS, a Cyprus-based online trading broker used by millions of traders in over 190 countries. The leak includes sensitive personally identifiable information (PII), financial information, government documents, numbers, and even passwords in plaintext form.

The data exposure lasted for at least a few days before FBS responded to WizCase’s report and secured the ElasticSearch server that was left open to access by anyone due to a misconfiguration.

The leaking database contained 20 TB of data and 16 billion records, comprising the following:

Source: WizCase

The financial details include the full transaction data, such as the deposited money, currency, payment system, transaction IDs, account IDs, transaction dates, number of times money was deposited, last deposit amount, last deposit date, total deposit, credit, balance, last month’s balance, interest rate, taxes, equity, and free margin. Some of the amounts are quite large, reaching up to half a million USD.

FBS held this data mostly for regulatory reasons, as anti-money-laundering laws dictate certain “know-your-customer” requirements. However, managing this data with matching caution and responsibility is crucial - otherwise, companies could end up with catastrophic leaks like the present one. The firm should also be subject to investigation by European data protection offices now, as the leak constitutes a violation of the GDPR.

The consequences for the exposed individuals are grave, ranging from identity theft and banking fraud to scams, phishing, blackmailing, and even business espionage. The details that have been exposed are just too revealing, and mitigating the risks now is very complicated - if at all possible.

If you were using FBS, you should reset all your passwords, enable 2FA, and monitor your bank account activity closely. Also, use a VPN at all times, set up an internet security solution, and treat all incoming communications with extra caution.


