In a startling revelation, a security breach at Spanish bank EvoBanco has exposed a series of lapses in data protection, put the data of millions of customers at risk. The attack begins with the discovery of a vulnerability in the bank’s registration process, allowing unrestricted access to user data through GET requests, regardless of user identity. With a straightforward brute force attack, millions of user records, including sensitive information such as phone numbers and salaries, were laid bare.
In a statement reminiscent of David versus Goliath, the actor highlights EvoBanco’s negligence in safeguarding customer data, accusing the bank of prioritizing its reputation over customer security. The breach, allegedly uncovered in a non-illicit manner, raises concerns about the bank’s commitment to transparency and accountability.
Moreover, the actor expresses sympathy for EvoBanco’s customers, who now face potential risks due to the bank’s lax security measures. In response to EvoBanco’s silence, the actor vows to escalate their efforts, threatening to publicly disclose the identities of high-ranking bank officials and employees each day until the bank acknowledges its mistake.
In their latest missive, the threat actor issues a stark warning, shedding light on potential future repercussions for the bank. They commend the proactive stance taken by other financial institutions, such as Carrefour Pass, contrasting it with EvoBanco’s reactive approach.
The incident serves as a cautionary tale for financial institutions worldwide, underscoring the importance of proactive cybersecurity measures and swift responses to potential threats. EvoBanco’s reputation hangs in the balance as the public awaits a response to the actor’s demands for accountability and dialogue.
