According to the Credit Union Times, a server containing 1.5 million Freedom Mobile users data was exposed to hackers in one of the latest potentially devastating cybersecurity lapses of a major Canadian company. The exposed data included user’s personal data, unencrypted credit card information, CVV numbers, verification numbers, and expiration dates. Freedom Mobile also had five million exposed customer data logs, which included customer names, email, postal addresses, phone numbers, account numbers, and even Equifax credit card checks.
According to security experts, Freedom Mobile left a server full of payment information and personally identifiable information of thousands of their customers on unsecured servers with no passwords. Even more concerning, the company didn't even know the server was vulnerable to outside hacking as the server had been accidentally misconfigured to be public until they were notified by outside experts from VPNmentor. The experts who found the security breach said they could view at least 5 million unprotected records. Freedom Mobile says the breach impacted about 15,000 users.
While it is unclear if hackers or bad actors did access the exposed information, the information that was made public would enable hackers to make purchases with the exposed information. According to one expert that exposed information would be a hacker’s jackpot because there is a high value to the unprotected data that was stored in the server.
Freedom Mobile’s mistake brings attention back to the importance of basic cyber security. In the case of Freedom Mobile, a hacker did not use sophisticated attacks or malware to gain entry to a secure database of customer information. Rather a simple configuration mistake left the door right open to anyone being able to view what was supposed to be secured and heavily protected sensitive customer information.