Friend
Professional
- Messages
- 2,653
- Reaction score
- 851
- Points
- 113
The vulnerability remained open until researchers noticed it.
Cybernews researchers have discovered a vulnerability in the system of Brazil's largest bank, Braza Bank, which has left its data open to cyberattacks. The team found that a configuration file (.env) was available on the network, containing sensitive information necessary for the operation of banking services. This file was available for ten months, which created serious security risks for both the bank and its customers.
The Braza Group, of which the bank is a part, also includes Braza UK in the UK, Braza PT in Portugal, Braza Tech and the CloudBreak multi-currency account service. An open file could provide attackers with access to key bank systems, such as authentication services, cloud data storage, APIs, and notification services.
The contents of the file included sensitive data such as authentication keys, API access data, and email service configurations. This posed a threat to bank users, as attackers could gain unauthorized access to personal information, send phishing messages, and even manipulate authentication systems.
Cybernews experts stressed that a leak of this kind could lead to serious consequences: attackers could use vulnerabilities to carry out attacks and access confidential data. They also noted the importance of protecting configuration files to prevent such incidents.
After discovering the vulnerability, the Cybernews team contacted Braza Bank, which immediately closed access to the file. In an official statement, the bank said that the leak did not affect internal data, as the compromised keys were already outdated or not privileged enough to cause harm.
Braza Bank also said that it has strengthened cybersecurity measures and improved internal processes to prevent similar incidents in the future.
Source
Cybernews researchers have discovered a vulnerability in the system of Brazil's largest bank, Braza Bank, which has left its data open to cyberattacks. The team found that a configuration file (.env) was available on the network, containing sensitive information necessary for the operation of banking services. This file was available for ten months, which created serious security risks for both the bank and its customers.
The Braza Group, of which the bank is a part, also includes Braza UK in the UK, Braza PT in Portugal, Braza Tech and the CloudBreak multi-currency account service. An open file could provide attackers with access to key bank systems, such as authentication services, cloud data storage, APIs, and notification services.
The contents of the file included sensitive data such as authentication keys, API access data, and email service configurations. This posed a threat to bank users, as attackers could gain unauthorized access to personal information, send phishing messages, and even manipulate authentication systems.
Cybernews experts stressed that a leak of this kind could lead to serious consequences: attackers could use vulnerabilities to carry out attacks and access confidential data. They also noted the importance of protecting configuration files to prevent such incidents.
After discovering the vulnerability, the Cybernews team contacted Braza Bank, which immediately closed access to the file. In an official statement, the bank said that the leak did not affect internal data, as the compromised keys were already outdated or not privileged enough to cause harm.
Braza Bank also said that it has strengthened cybersecurity measures and improved internal processes to prevent similar incidents in the future.
Source
