https://www.gizmodo.co.uk/2020/05/samsung-rolls-royce-information-exposed-by-leaky-database-security-firm-says/
By Dhruv Mehrotra
gizmodo.co.uk
18 May 2020
Hypothetically, if you, a criminal, wanted to steal millions of dollars from a
corporation, one place to start might be figuring out who it owes money to.
Does it pay rent on any of its offices? How often does it make payments on the
expensive software or equipment it leases? Which overworked account executive
handles these payments and what would it take for her – eager to get home to
her three kids after a long week – to accidentally authorise payment to you
instead of the accounts she manages?

While the kinds of information required to pull off this type of social
engineering attack are typically guarded behind corporate firewalls, British
cybersecurity firm TurgenSec discovered that a database of precisely this type
of data was left completely open, visible to any hacker with a web browser who
took the time to look.

The database, which belongs to lease management software from a company called
LeaseSolution, contains 6 million database entries detailing confidential
business information from nine companies including Samsung and Rolls-Royce,
according to TurgenSec researchers.

The database appears to have now been taken offline. LeaseSolution did not
respond to Gizmodo’s request for comment. We have reached out to Samsung and
Rolls-Royce and will update when we hear back.
[...]