- A researcher has found almost 200k personal records exposed
- It looks to belong to a billing platform, Invoicely
- This leaves anyone impacted at risk of fraud or identity theft
A publicly exposed database left without encryption or a password and containing 178,519 files has been discovered by cybersecurity researcher Jeremiah Fowler. In the sampling of the exposed files, he reported seeing personally identifiable information (PII) like names, addresses, numbers, tax ID, and more.
By analyzing the records, the researcher theorized the databases belong to small business billing platform, Invoicely - although it’s not certain if the database is owned/managed directly by the company, or if it is run by a third party.
A serious concern when PII is involved is the threat of identity theft, since criminals will attempt to use your details to take out loans or credit cards. The added danger with financial details or invoices is that threat actors may replicate or impersonate customers or business partners using fake invoices or financial dealings.
Elevated risks
The inclusion of financial information like tax documents represents an opportunity for threat actors to create multiple different attacks, including fraud, social engineering, or spear-phishing attacks - or even lead the criminals to higher value targets through their business dealings.
The researcher also outlines the risk of fraudulent tax filings, with approximately 6,000 tax returns filed using stolen identities in 2025 - creating complicated situations for taxpayers who are then left picking up the pieces.
“My advice to organizations that develop and provide invoice and accounting platforms, applications, or services is to limit the collection and retention of personal data when possible,” said Fowler.
“Encrypt sensitive information so that it is not human readable; that way, if there is a data exposure, encryption adds an additional layer of security. While not impossible to decrypt, properly encrypted files remain extremely difficult to access without the correct credentials.”
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You might also like
- Take a look at our picks for the best malware removal software around
- Check out our choice for best antivirus software
- Attackers claim they hacked Nissan's design studio and stole 4TB of data
