A Canadian bank, Scotiabank, was found to have sensitive data exposed, some of it for months according to researchers. A wide array of information was discovered, this included documentation files and code, some of which is thought to be for mobile apps for Central and South American customers. Foreign exchange access keys, service login credentials, keys to access the bank’s backend systems and services in different parts of the world, and software blueprints were also found. “They have a foreign exchange (FX) rate SQL Server database that has had its credentials and public-private keys in the open for months. Knowing that there is a known potential for someone to tweak FX rate data, the integrity of the bank is diminished accordingly,” said the discovering researcher. After getting the report, the bank secured the repositories and stated that none of the information included would have put anyone connected to the bank at risk. However, experts say this is quite the contrary as the code could have fallen into the wrong hands and caused major issues.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is