Insdubai.com: Motor insurance policies, data of insured persons was exposed
A significant data exposure incident occurred involving Insdubai.com, a portal for managing motor insurance policies in the UAE. Approximately 16 GB of sensitive data, including personal information from various insurance companies, was publicly accessible until it was taken offline. The incident raised concerns about potential misuse of the exposed data for fraudulent activities.
- ▪The index page of insdubai.com was publicly accessible, revealing sensitive data from various insurance companies.
- ▪The exposed data included personal information such as names, addresses, and policy details of insured individuals and businesses.
- ▪The server was taken offline after responsible disclosure notifications were sent to affected parties, but no responses were received.
Opening excerpt (first ~120 words) tap to expand
Who is Insdubai?It is a portal specializing in the digital management and validation of motor insurance policies in the United Arab Emirates. Its main function is to provide a centralized environment where insurers issue official documents that comply with the regulations of the UAE Insurance Authority.Finding the exposed data:The index page of insdubai.com is open, showing the files of various insurance companies.During my investigation, I discovered this server publicly exposed on April 7. It contained approximately 16 GB of data. The folder assets/uploaded-policies held insurance policies uploaded by various insurance companies in the United Arab Emirates.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Write.ups-security-chu.com.
Discussion
0 commentsMore from Write.ups-security-chu.com
