A microfinance organization “Zaymograd” from the Murmansk region of Russia has leaked personal information for at least 36,763 people who had signed up online to receive instant micro loans.
The leaked data included names, passport IDs, and their home addresses.
Anyone with Internet access could enumerate publicly accessible URLs at the organization’s website and receive this personally identifiable information (PII) of their customers.
The information about the misconfigured web server became available on some dark web resources on December 17th.
The microfinance organization was informed, but private customers’ data appears to still be freely available to download.