- An investigator has found almost 200,000 exposed personal records
- It appears to belong to an invoicing platform, Invoicely
- This leaves anyone affected at risk of fraud or identity theft.
Cybersecurity researcher Jeremiah Fowler discovered a publicly exposed database with no encryption or password and containing 178,519 files. In the sample of exposed files, you reported seeing personally identifiable information (PII) such as names, addresses, numbers, tax IDs, and more.
Analyzing the records, the investigator theorized that the databases belong to the small business billing platform, Invoicely, although it is not certain if the database is owned or managed directly by the company or if it is managed by a third party.
A serious concern when it comes to PII is the threat of identity theft, as criminals will attempt to use your data to apply for loans or credit cards. The additional danger with financial details or invoices is that threat actors can replicate or impersonate customers or business partners using fake invoices or financial transactions.
High risks
The inclusion of financial information, such as tax documents, represents an opportunity for threat actors to create multiple different attacks, including fraud, social engineering or phishing attacks, or even lead criminals to higher-value targets through their businesses.
The researcher also highlights the risk of fraudulent tax returns, with approximately 6,000 tax returns filed using stolen identities in 2025, which will create complicated situations for taxpayers, who will then have to pay the bills.
“My advice to organizations developing and providing billing and accounting platforms, applications or services is to limit the collection and retention of personal data where possible,” Fowler said.
“Encrypt sensitive information so that it is not human readable; that way, if there is a data exposure, the encryption adds an extra layer of security. While not impossible to decrypt, properly encrypted files are still extremely difficult to access without the correct credentials.”
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
