June 14, 2022

32 GB of sensitive data leaked by Uganda Securities Exchange

The principal stock exchange in Uganda, the Uganda Securities Exchange (USE), has been caught leaking highly sensitive financial and other sensitive data of customers and business entities across the globe.

Reportedly, a server was exposing more than 32GB worth of data to public access. According to researchers, the server belonged to the Uganda Securities Exchange’s Easy Portal.

There were other ports running on the server, which opened a link to the Bank of Baroda, an India-based company operating in Uganda. It is also registered under the Uganda Securities Exchange.

The exposed records were of a sensitive nature. The worst part of the data leak is that the server was left exposed without any authentication.

This means anyone with a slight bit of knowledge about finding unsecured databases on Shodan and other such platforms would have complete access to USE’s data including the following:

  • Full name
  • Usernames
  • Home address
  • Date of birth
  • Access tokens
  • Phone number
  • Email address
  • Plaintext passwords
  • ID number of users
  • Bank details, including ID and account number

On June 12th, 2022, the 32GB worth of data was reduced to MBs. It could be that authorities wanted to keep the incident under wraps to avoid criticism from local media and entities affected by the breach. Nevertheless, at the time of publishing this article, the exposed server was secured and its IP addresses were no longer accessible to the public.

At the same time, a major hospital in Yuma, Arizona is sending notification letters to more than 700,000 patients after a ransomware attack in April led to a data breach involving Social Security numbers.