• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 

Critical Sudo bugs expose major Linux distros to local Root exploits

 | 

Google fined $314M for misusing idle Android users' data

 | 

A flaw in Catwatchful spyware exposed logins of +62,000 users

 | 

China-linked group Houken hit French organizations using zero-days

 | 

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

 | 

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

 | 

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Data Breach
  • Billions of FBS Records Exposed in Online Trading Broker Data Leak

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Pierluigi Paganini March 24, 2021

Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS’ websites.

The data from FBS.com and FBS.eu comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more.

Were such detailed personally identifiable information (PII) to fall in the wrong hands, it could have been used in the execution of a wide range of cyber threats. The data leak was unearthed as part of WizCase’s ongoing research project that randomly scans for unsecured servers and seeks to establish who are the owners of these servers. We notified FBS of the breach so they could take appropriate action to secure the data. They got back to us a few days later and secured the server within 30 minutes.

What’s Going On

Forex, a portmanteau of foreign currency and exchange, is the process of converting one currency into another for a wide range of reasons including finance, commerce, trading and tourism. The forex trading market averages more than US$5 trillion in daily trading volume. Forex trading may be dominated by banks and global financial services but, thanks to the Internet, the average person can today dabble directly in forex, securities and commodities trading.

In the rush toward online trading though, users have entrusted terabytes of confidential data to online forex trading platforms. With financial transactions being at the core of forex trading, the nature of user data held in these trading databases is highly sensitive. This has made online trading sites a lucrative target for cybercriminals.

FBS, a major online forex trading site, left an unsecured ElasticSearch server containing almost 20TB of data and over 16 billion records. Despite containing very sensitive financial data, the server was left open without any password protection or encryption. The WizCase team found that the FBS information was accessible to anyone. The breach is a danger to both FBS and its customers. User information on online trading platforms should be well secured to prevent similar data leaks.

Who is FBS

Founded in 2009, FBS is an international online forex broker with more than 400,000 partners and 16 million traders spanning over 190 countries. It is one of the most popular online trading brokers in the world. The FBS app for the Android OS has been downloaded more than one million times on Google Play Store as of January 2021.

So large is the number of traders on FBS that every 20 seconds, an FBS client submits a request to withdraw their profit. An official trading partner of soccer giants FC Barcelona, FBS clients rake in half a billion dollars in profit each year. While FBS operates worldwide through its platforms FBS.com and FBS.eu, the company’s primary offices are in Belize and in Limassol, Cyprus.

What Was Leaked?

Nearly 20TB of data was leaked comprising more than 16 billion records. Millions of FBS users spread across the world were affected. Leaked information included the following:

PIIs such as

  • Names and surnames
  • Email addresses
  • Phone numbers
  • Billing addresses
  • Country
  • Time zone
  • IP addresses
  • Coordinates
  • Passport numbers
  • Mobile device models
  • Operating system
  • Email sent to FBS users
  • Social media IDs including GoogleIDs and FacebookIDs
  • Files uploaded by users for verification including personal photos, national ID cards, drivers licenses, birth certificates, bank account statements, utility bills and unredacted credit cards

User ID and Credit Card Photo Uploads

User ID and Credit Card photo
User ID photo

User details such as

  • FBS user ID
  • FBS account creation date
  • Unencrypted passwords encoded in base64
  • Password reset links
  • Login history
  • Loyalty data including loyalty level, level points, prize points, total money deposited, active days, active clients, points earned and points spent

A German User’s Account

Redacted German user account

An Australian User’s Account

Redacted Australian user account

Plain Text (base64) Passwords

Redacted plain text password

Financial details such as

  • User transaction details including deposited money, currency, payment system, transaction IDs, account IDs, transaction dates, number of times money was deposited, last deposit amount, last deposit date, total deposit, credit, balance, last month’s balance, interest rate, taxes, equity and margin free. Some of the transactions are really large.

A $500,000 Transaction

Redacted 500,000 transaction

Each data set would on its own provide valuable information for an attacker but combining all of them makes the threat much more formidable.

What Does This Mean for FBS and Its Users?

The primary threats for FBS and its users include the following:

1. Identity Theft and Fraud

The personal identifiable information (PII) exposed by the leak could be used in fraudulent authentication across other platforms. The names, email addresses, physical address, passport numbers, driver’s license numbers, national ID numbers, phone numbers, social media IDs, credit cards, photos, financial records, and more could allow bad actors to impersonate the owner.

2. Scams, Phishing and Malware

Leaked contact information may be used to launch scam, phishing and malware attacks against FBS users. The data could be the basis for establishing trust in order to encourage clicks, malware downloads and the availing of more confidential information. Armed with the sensitive authentic data, a cybercriminal will sound more credible when they request for information over the phone or email.

3. Credit Card Fraud

To complete a card payment, FBS asks users to upload a photo of both sides of their credit/debit card. With the images accessible to bad actors, it is not difficult for the information to be used to commit credit card fraud.

4. Blackmailing

With email addresses, physical addresses, social media IDs and financial records accessible, bad actors could target for extortion users who move relatively large amounts.

5. Personal Safety

With cyber criminals having access to not just your financial transactions on FBS but also your physical address and phone number, you or your home could be the target of a robbery or burglary. Your transactions may give criminals a hint of your financial status.

6. Business Espionage

With FBS user email addresses and phone numbers readily accessible, competitors could extract this information and use it to target and lure users to their own online trading platforms. Stolen source code and information on the site’s structure also makes it easier for third parties to clone the FBS website then make minor adjustments in accordance to their needs.

7. Account Takeover

The leak exposed password reset links. With access to such sensitive information, an attacker could easily take over the account of any FBS user as long as they knew the user’s email address. Also, with the plaintext password (encoded in base64) and knowing that many people reuse passwords across platforms, cybercriminals could attempt to use the password on other platforms and take over.

This list does not cover all the risks users and organizations are exposed to from the FBS breach. Cybercriminals are continuously exploring new ways of using confidential information for nefarious ends.

As an FBS User, What Should You Do?

you can find the answer in the original post at:

https://www.wizcase.com/blog/fbs-leak-research/

About the author Chase Williams

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Exchange)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

data leak FBS Hacking hacking news information security news IT Information Security malware Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini July 09, 2025
Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates
Read more
Pierluigi Paganini July 09, 2025
Hackers weaponize Shellter red teaming tool to spread infostealers
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

    Malware / July 09, 2025

    Hackers weaponize Shellter red teaming tool to spread infostealers

    Malware / July 09, 2025

    Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

    Security / July 08, 2025

    Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

    Intelligence / July 08, 2025

    U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

    Hacking / July 08, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT