TLDR:
- The affiliate sales platform SoftwareProjects experienced a data breach in which nearly 200GB of customer and affiliate data was exposed.
- The exposed database contained personally identifiable information (PII) such as credit card images, identification documents, and other sensitive information.
A cybersecurity researcher discovered the breach and reported it to SoftwareProjects, who resolved the issue by moving all PII data away from public access. However, the database remained accessible for some time before being restricted. The breach exposed a range of files and documents, including internal documents, invoices, refund documents, and bank transfer records. The risks resulting from the breach include phishing, identity theft, and malware injection. It is unknown how long the data was exposed or if it was accessed by unauthorized individuals. The researcher advises affected individuals to monitor their accounts, apply for new bank cards, and consider identity theft protection services.