IT giant Tech Data has plugged a data leak which exposed 264GB of customer data to the public after being informed of the leak by security researchers.
Security researchers Noam Rotem and Ran Locar of vpnMentor first discovered that a log management server was leaking system-wide information while working on their own web mapping project. They then took a sample of the leaked information and determined that the leak was serious.
vpnMentor provided further details on their discovery in a blog post, saying:
- A world where data manages data
- Misconfigured Box accounts lead to sensitive data leaks
- Security teams are drowning in data
“With a simple search of the exposed database, our researchers were able to find the payment information, PII, and full company and account details for end-users and managed service providers (MSPs) – including for a criminal defense attorney, a utilities service provider, and more. There were enough details in this leak wherein a nefarious party could easily access users’ accounts – and possibly gain access to the associated permissions for said accounts.”
Due to the large size of the database, the researchers only took a small sample but they were still able to discover that private API keys, bank and payment information, usernames and unencrypted passwords as well as process information relating to Tech Data clients' internal systems and SAP builds were exposed.
Additionally, information on the company's employees was also available including their full names, job titles, email addresses, physical addresses and telephone numbers. Reseller contact and invoice data, payment and credit card information and internal security logs were also exposed on the database.
vpnMentor discovered the exposed database at the beginning of June and the company informed Tech Data on the same day. TechData responded to the researchers' requests a few days later at which time the leak was plugged.
Fortunately for its customers, TechData has reported that there has been no evidence yet that the data stored in the affected server has been misused by cybercriminals.
- Also check out the best disaster recovery services