Spanish Bank EvoBanco Experiences Security Breach with Data Leak

Threat Actor: Unknown | Unknown
Victim: Spanish bank EvoBanco | EvoBanco
Price: Not mentioned in the article
Exfiltrated Data Type: User records, including sensitive information such as phone numbers and salaries

Additional Information :

  • The security breach at Spanish bank EvoBanco exposed a vulnerability in the bank’s registration process.
  • The breach allowed unrestricted access to user data through GET requests, regardless of user identity.
  • Millions of user records, including sensitive information such as phone numbers and salaries, were exposed.
  • The threat actor accuses EvoBanco of prioritizing its reputation over customer security.
  • The breach raises concerns about the bank’s commitment to transparency and accountability.
  • The threat actor threatens to publicly disclose the identities of high-ranking bank officials and employees each day until the bank acknowledges its mistake.
  • The threat actor commends other financial institutions, such as Carrefour Pass, for their proactive stance on cybersecurity.
  • The incident serves as a cautionary tale for financial institutions worldwide, emphasizing the importance of proactive cybersecurity measures and swift responses to potential threats.

In a startling revelation, a security breach at Spanish bank EvoBanco has exposed a series of lapses in data protection, put the data of millions of customers at risk. The attack begins with the discovery of a vulnerability in the bank’s registration process, allowing unrestricted access to user data through GET requests, regardless of user identity. With a straightforward brute force attack, millions of user records, including sensitive information such as phone numbers and salaries, were laid bare.

In a statement reminiscent of David versus Goliath, the actor highlights EvoBanco’s negligence in safeguarding customer data, accusing the bank of prioritizing its reputation over customer security. The breach, allegedly uncovered in a non-illicit manner, raises concerns about the bank’s commitment to transparency and accountability.

Moreover, the actor expresses sympathy for EvoBanco’s customers, who now face potential risks due to the bank’s lax security measures. In response to EvoBanco’s silence, the actor vows to escalate their efforts, threatening to publicly disclose the identities of high-ranking bank officials and employees each day until the bank acknowledges its mistake.

In their latest missive, the threat actor issues a stark warning, shedding light on potential future repercussions for the bank. They commend the proactive stance taken by other financial institutions, such as Carrefour Pass, contrasting it with EvoBanco’s reactive approach.

The incident serves as a cautionary tale for financial institutions worldwide, underscoring the importance of proactive cybersecurity measures and swift responses to potential threats. EvoBanco’s reputation hangs in the balance as the public awaits a response to the actor’s demands for accountability and dialogue.

Original Source: https://dailydarkweb.net/spanish-bank-evobanco-security-breach-gradual-release-of-data/