Data Leak at Nigerian FinTech Company Exposes 846,000 Customers and Their Emergency Contacts

A shocking data leak at Nigerian FinTech company BestFin Nigeria has exposed the personal information of 846,000 customers and their emergency contacts. The leak, discovered by the Cybernews research team on July 2nd, 2024, revealed that money lenders are going to extreme lengths to extract data from their clients, including accessing private communications.

The leaked database, over 300GB in size, contained a plethora of sensitive information, including personal details, emergency contacts, app installations, contact lists, device identifiers, SMS messages, and even bank verification numbers. This extensive data collection raises serious privacy concerns and potential risks for the affected individuals.

Furthermore, the researchers found evidence of a compromise by an external threat actor, who left a ransom note demanding payment for the recovery of the database. This alarming development highlights the vulnerability of personal data in the hands of financial institutions and the potential for exploitation by cybercriminals.

The leak also shed light on unethical practices among digital lending services in Nigeria, with some exposed messages revealing blackmail, harassment, and other coercive tactics used by lenders. This revelation underscores the urgent need for stronger data privacy regulations and enforcement in the country.

As the investigation continues, users of the iCredit app in Nigeria are advised to remain vigilant against phishing scams and unauthorized access to their accounts. Cybernews has reached out to BestFin Nigeria for a comment on the incident but has yet to receive a response.

The disclosure timeline shows that the data leak was discovered on July 2nd, with access to the database finally closed on August 26th after multiple follow-up attempts. This incident serves as a stark reminder of the importance of safeguarding personal data in the digital age and the need for greater transparency and accountability in the financial sector.