PII, credit card numbers and CVVs leaked in Fieldwork data leak
Cybersecurity specialists Noam Rotem and Ran Locar from security firm vpnMentor recently discovered an exposed database belonging to Fieldwork, an operations management software firm for small and medium-sized companies. Full research is available at the following link.
Experts claim that they discovered a large
amount of exposed data stored in the database.
The compromised information included full names, phone numbers, email address,
payment card details, among other Fieldwork customer data.
“We contacted the company immediately
after we discovered the incident,” cybersecurity services experts say.
“The Fieldwork IT security team behaved very professionally and
efficiently; less than twenty minutes after reporting the leak, the database
had been secured”, the experts added.
The most relevant thing about the find is an
automatic login link that allowed any user to access the company’s backend
system; records in the backend included sensitive customer details, as well as
multiple data about the company’s administrative activities.
According to the experts, the database was
exposed for about thirty days. In addition, experts found that access was
possible to access the company’s user portal, a potentially dangerous factor,
as threat actors could access all customer records stored by the company. As if
that wasn’t enough, hackers could block the company’s access to these accounts
by simply making some changes to the backend.
The International Institute of Cyber Security (IICS)
cybersecurity services experts believe that, in the event of a threat actor
using the information exposed, potential fraudulent actions would have a
significant impact on both for companies that work with this software as well
as for Fieldwork.
“When a hacker manages to infiltrate a
company’s systems, the chances of compromising a company’s operations are
immense. In addition, suspending its activities would cost the company
thousands of dollars in losses, not to mention the possibility of confidential
customer data reaching the wrong hands,” the researchers added.
(Visited 4 1 times)
Gloss