Mortgage Broker 8Twelve Exposes Data of Canadian Residents

GOOD: 8Twelve secured its server and was swift in restricting public access within hours of being alerted by the good folks at Website Planet.

Toronto-based 8Twelve Financial Technologies, a mortgage broker, was found to have a misconfigured database exposed to the public. The database contained the personal information of more than half a million individuals.

According to the cybersecurity researchers at Website Planet who identified the server, the situation was worse: the data was left exposed without any authentication or password protection.

However, after researcher Jeremy Fowler and the Website Planet staff sent a responsible disclosure notice to the company, 8Twelve was swift in restricting public access within hours of the discovery.

The database contains 717,814 records of thousands of Canadian residents, with information related to mortgage loans, including:

- Full names
- Phone numbers
- Email addresses
- Physical addresses and more.

Many of the records appeared to be mortgage leads of people who want to buy a house, refinance, obtain an equity line of credit, or purchase an investment property, the report states.

According to Website Planet, the database contained applicants’ names, emails, and phone numbers for work, home, and cell. Some records contained physical addresses, states, or provinces. As most of the data can relate to a specific individual, the data found in the records can be considered Personally Identifiable Information (PII).

Information submitted by the applicants about their financial standing, such as their credit scores, bankruptcies, savings, finances, and other data required to start the loan application process, was also found in the database.

Aside from applicant information, Website Planet reported that the records also included 8Twelve employee names, email addresses, and internal notes about the prospective loan or customer, indicating whether an applicant was creditworthy or not.

Exposed data (Image provided by Website Planet)

Potential Dangers

A misconfigured database can be a major source of concern for organizations, as it can cause data breaches and other security issues. Not only can a malicious actor gain access to sensitive information stored in the database, but they may also be able to alter or delete existing data.

Furthermore, a misconfigured database can lead to an organization facing hefty compliance penalties due to its inability to protect customer data from unauthorized access.

The most common way for databases to become misconfigured is when their settings are not properly maintained or upgraded with the latest security protocols. This often leads to less secure authentication methods being used, as well as outdated encryption algorithms, which leaves them vulnerable to attack.

As businesses increasingly rely on databases for storing and managing their data, it’s essential that they ensure they’re properly configured and regularly monitored in order to protect against potential dangers.
