The U.S. Credit Union Service has exposed more than 3 million records as a result of a misconfigured cloud database suspected to be a customer relationship management system of Michigan-based credit union service provider CU Solutions Group, Hackread reports.
Aside from containing over a million email conversations, the leaked 13GB database also included data belonging to thousands of U.S. credit unions, internal notes, and clients' full names, home and email addresses, and plaintext passwords, according to a report by cybersecurity researcher Jeremiah Fowler published on WebsitePlanet.
Meanwhile, CU Solutions Group, which immediately secured the exposed database upon Fowler's notification, noted that a third-party vendor may be behind the misconfiguration. However, whether the database had been infiltrated by threat actors before the issue was addressed continues to be a mystery.
Organizations that have been dealing with CU Solutions Group have been urged to confirm potential breach impact with the company, activate two-factor authentication, and be vigilant of malicious activity.