Mexico Business & Finance News

Puerto Vallarta • Riviera Nayarit 

  News &
Issues &
Business &
Health &
Lifestyle &
Travel &
Science &

VAT Refund Giant MoneyBack Exposes Half-Million Passports, Credit Cards Online

Tara Seals - Infosecurity Magazine
go to original
September 10, 2017

If you’ve ever gone on holiday to Mexico and done a little shopping, then you know you can apply for a value-added tax (VAT) refund on the goods you’re taking back home. Unfortunately, one of the largest companies that does that, the appropriately named MoneyBack, has laid open its users’ information to bad actors.

According to the Kromtech Security Research Center, MoneyBack has fallen prey to the all too common mistake of leaving a misconfigured database open to the public web (it has since been secured). The CouchDB database contains passport information, credit card numbers, travel tickets and various other credentials for nearly a half-million customers, all of which was left accessible to anyone that stumbled across it.

Kromtech said that the potentially leaked data totals more than 400GB - none of which required password protection or other authentication to view or download. The information could be used to commit identity fraud or craft spearphishing gambits; or, the credit card numbers could be sold or used for fraudulent purchases.

Chances are that tourists who have visited south of the border and applied for a VAT refund in the last year could be impacted: MoneyBack is pretty much everywhere in Mexico. The company’s general director, Danielle Van Der Kwartel, told the firm that there are 6,500 MoneyBack affiliated stores; and, they provide service in more than 98% of Mexico’s airports and cruise ship docking points, plus offices and shopping mall locations.

The data includes 455,038 scanned documents, including 88,623 unique passport numbers. Researchers identified impacted passports from the US, Canada, Argentina, Colombia, Italy and elsewhere around the globe - the analysis suggests that every client that has used MoneyBack services between 2016 and 2017 was exposed.

Read the rest at Infosecurity Magazine

Related: Equifax Data Leak: How to find Out if You’re Among the 143 Million Victims — and Protect Your Credit (Mic)

We invite you to add your charity or supporting organizations' news stories and coming events to PVAngels so we can share them with the world. Do it now!

CHARITY ALERT Vallarta Botanical Garden Needs Your Help

TripAdvisor singled out the Botanical Garden for removal and placed us on our own page in Cabo Corrientes.

Please write and ask TripAdvisor why all other Cabo Corrientes attractions are still on the Puerto Vallarta page while only the Garden was removed.

Click here to see all the details

Meet the Charities

Community Services


Animals & Wildlife

Health Care

Youth & Family


Culture & Recreation

Special Interests

How You Can Help

Use Your Powers for Good

Add Your Favorite Charity

Save a Life - Give Blood


Partners for Change

Meet the Partners

Become a Partner for Change

Stay Connected

Find PVAngels on Facebook Follow PVAngels on Twitter Sign up PVAngels Newsletter RSS Feeds on PVAngels


About PVAngels

Add Your Charity

Add Your News & Events

Locate Yourself on Our Maps

Jobs - Join PVAngels Team

About Puerto Vallarta

Puerto Vallarta Local News

Local Event Calendar

Puerto Vallarta Videos

Puerto Vallarta Photos

Historic Puerto Vallarta

Local Area Maps

Important Phone Numbers

Craig's List in Puerto Vallarta

News Around Mexico

Mexico Issues & Opinions

Mexico Business News

Mexico Evironmental News

Lifestyle & Entertainment

Mexico Travel & Outdoors

Science & Technology News

Mexico News & Travel Videos

FAIR USE NOTICE: This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance a more in-depth understanding of critical issues facing the world. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 USC Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information click here. If you wish to use copyrighted material from this site for purposes that go beyond 'fair use', you must obtain permission from the copyright owner.

m3 • local actions from global awareness