Freely subscribe to our NEWSLETTER

Researchers at Safety Detectives – an expert resource on cybersecurity and online safety software – have uncovered a major data breach impacting leading UK cashback website PouringPounds.com. The discovery was led by cybersecurity expert and ‘hactivist’ Anurag Sen.

The breach exposed 2 terabytes of sensitive user data – including bank details, full names, mobile phone numbers, e-mail addresses, plain text passwords and usernames, IP addresses and more – hosted on a publicly exposed elastic server without any password protection.

PouringPounds.com is a popular voucher and cashback website in the UK providing over 1 million British bargain shoppers with savings and deals. Two sites belonging to Pouring Pounds Ltd. – PouringPounds.com and Indian cash-back website CashKaro.com – were impacted by the breach, which greatly compromised the privacy and personal data of its active users. The database continued to grow as Safety Detectives investigated it, each day showing logs for that day plus the previous 6 days.

Anurag Sen first attempted to contact PouringPounds Ltd. about the breach on September 4th. After several attempts to alert the company of the breach, it was not until September 21st that PouringPounds Ltd. responded to Safety Detectives and secured the database.

“Some companies always deny or try to minimize leaks”, Safety Detectives added. “While some companies react well by securing the breach promptly, other companies do not react quick enough and when eventually cornered tend to deny the breach or minimize the impact to preserve reputation.”

The discovery was made as part of Safety Detectives on-going ethical web-mapping project which seeks to identify vulnerabilities and data breaches online and notify those responsible in order to improve online safety and security.

The full report has just gone live on Safety Detectives’ website.