Threat actor Fulcrumsec claims to have breached California mortgage broker Wonder Rates, Inc., exfiltrating the company’s production, development, and staging environments after finding an unsecured cloud storage environment. The leaked data reportedly contains full financial identities and sensitive PII for an estimated 3,000–7,000 U.S. families, along with proprietary lender integrations, source code, and active credentials. #Fulcrumsec #WonderRates
Keypoints
- Fulcrumsec alleges a breach of Wonder Rates, Inc. via unsecured cloud storage.
- The actors claim to have exfiltrated production, development, and staging environments.
- Exposed data reportedly includes full names, DOBs, SSNs, driver’s license scans, and financial records for 3,000–7,000 families.
- Proprietary assets were allegedly taken, including a rate engine source code, lender integration files, and United Wholesale Mortgage configurations.
- Active production database credentials and AWS access keys were reportedly included, and real borrower PII was used in the development environment.
Read More: https://dailydarkweb.net/wonder-rates-data-breach-exposes-sensitive-mortgage-data/