A major data exposure incident has been discovered involving Invoicely, a popular invoicing and billing platform used by businesses around the world. Security researcher Jeremiah Fowler found an unprotected database containing sensitive personal and financial information belonging to thousands of users, partners, and employees.
According to the researcher, the database was not password-protected or encrypted and was left accessible to anyone online.. The exposed dataset included around 178,519 files in formats such as XLSX, CSV, PDF, and various image files. These documents reportedly contained personally identifiable information (PII), including names, phone numbers, physical addresses, tax ID numbers, and payment details.
Fowler said that the database appeared to belong to Invoicely by Stack Holdings GmbH, a Vienna-based software company. After discovering the exposure, he immediately reported the issue, and the database was secured within hours. However, it remains unclear how long the database was publicly accessible or if anyone else had accessed the data before it was taken down.
The leaked documents reportedly contained a wide range of sensitive records including invoices, tax, forms, medical receipts, and travel receipts. One document even included a scanned check showing account and routing numbers. Such data could be misused for identity theft, financial fraud, or phishing attacks, giving criminals enough information to impersonate individuals or businesses.
Data breaches involving financial platforms can be especially dangerous. Cybercriminals can use exposed details like business names, tax numbers, and payment histories to craft fake invoices or redirect payments. The breach also raises concerns about tax-related identity theft
