Misconfigured CouchDB exposed details of more than 400 million customers

MoneyBack, a tax refund company in Mexico mistakenly exposed sensitive details if its customers due to a misconfigured CouchDB database instance. MoneyBack operates with help of more than 6500 affiliate stores who offer tax refund as a type of discount to lower the final purchase price of certain goods tourists buy. Tax Free Shopping in Mexico Works is a well-known concept in Mexico that offers refund of up to 8.9% of the total amount they spend on shopping.

The incident was discovered by Kromtech researchers last week. According to security vendor the details exposed in the incident includes passport numbers IDs, Credit Cards, Travel Tickets and other scanned documents.


Kromtech researchers: https://mackeepersecurity.com/post/mexican-tourist-tax-refund-company-leaks-customer-records

Leave a Reply

Your email address will not be published. Required fields are marked *