HackRead reports that invoicing platform Invoicely was discovered by cybersecurity researcher Jeremiah Fowler to have a publicly accessible database exposing 178,519 files.

Included in the misconfigured database were banking information in PDF and CSV formats, invoices, scanned checks, and tax documents. Fowler also discovered that it held personally identifiable information, such as names, tax IDs, phone numbers, and physical addresses, and other sensitive documents, including medical payment receipts and airline tickets.

Hackers could exploit the stolen data for invoice fraud, which remains a major risk. It remains unclear whether the database was directly managed by Invoicely or a third-party contractor, how long it had been exposed, or whether there had been any unauthorized access.

The database was taken offline after Fowler reported it. He emphasized that sensitive data should be encrypted, making it "extremely difficult to access without the correct credentials," even if it is exposed.