Private messages exposed in massive data spill from loan shop.

Tools
Private messages exposed in massive data spill from loan shop.

Published:

Written by: Staff Editor
spot_img

Data Leak at Nigerian FinTech Company Exposes 846,000 Customers and Their Emergency Contacts

A shocking data leak at Nigerian FinTech company BestFin Nigeria has exposed the personal information of 846,000 customers and their emergency contacts. The leak, discovered by the Cybernews research team on July 2nd, 2024, revealed that money lenders are going to extreme lengths to extract data from their clients, including accessing private communications.

The leaked database, over 300GB in size, contained a plethora of sensitive information, including personal details, emergency contacts, app installations, contact lists, device identifiers, SMS messages, and even bank verification numbers. This extensive data collection raises serious privacy concerns and potential risks for the affected individuals.

Furthermore, the researchers found evidence of a compromise by an external threat actor, who left a ransom note demanding payment for the recovery of the database. This alarming development highlights the vulnerability of personal data in the hands of financial institutions and the potential for exploitation by cybercriminals.

The leak also shed light on unethical practices among digital lending services in Nigeria, with some exposed messages revealing blackmail, harassment, and other coercive tactics used by lenders. This revelation underscores the urgent need for stronger data privacy regulations and enforcement in the country.

As the investigation continues, users of the iCredit app in Nigeria are advised to remain vigilant against phishing scams and unauthorized access to their accounts. Cybernews has reached out to BestFin Nigeria for a comment on the incident but has yet to receive a response.

The disclosure timeline shows that the data leak was discovered on July 2nd, with access to the database finally closed on August 26th after multiple follow-up attempts. This incident serves as a stark reminder of the importance of safeguarding personal data in the digital age and the need for greater transparency and accountability in the financial sector.

spot_img

Related articles

Recent articles

CISOs Shift Focus from Security to Resilience: A 2023 Imperative for Critical Infrastructure

Features
CISOs Shift Focus from Security to Resilience: A 2023 Imperative for Critical Infrastructure In the evolving landscape of cybersecurity, the traditional pursuit of 100% prevention...
Read more

Cybersecurity Stocks Q4 Earnings Show Mixed Results: Varonis Reports Growth, CrowdStrike Leads Peers

Global
Cybersecurity Stocks Q4 Earnings Show Mixed Results: Varonis Reports Growth, CrowdStrike Leads Peers March 19, 2026 – The latest financial performance review of cybersecurity stocks...
Read more

Li Ning Company Limited Strengthens Competitive Edge with 3.2% Revenue Growth in 2025 Annual Results

Regional
Li Ning Company Limited Strengthens Competitive Edge with 3.2% Revenue Growth in 2025 Annual Results Li Ning Company Limited has announced its audited annual results...
Read more

IMF Strengthens Seychelles’ Economic Resilience with Staff-Level Agreement on Final Reviews and 2026 Consultation

Regional
IMF Strengthens Seychelles' Economic Resilience with Staff-Level Agreement on Final Reviews and 2026 Consultation The International Monetary Fund (IMF) has reached a significant staff-level agreement...
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com