Unprotected Tech Data server leaked PII and financial data of customers

Unprotected Tech Data server leaked PII and financial data of customers

Unprotected Tech Data server leaked PII and financial data of customers

Security researchers recently discovered an unprotected server owned by Fortune 500 company Tech Data Corporation that contained vast amounts of personal and financial data belonging to customers as well as some passwords and private keys.
The said server was used by Tech Data to store a database that logged internal company events for its StreamOne cloud service. According to security researchers Noam Rotem and Ran Locar at vpnMentor who discovered the unprotected server, lack of password-protection allowed them to access up to 264GB of client servers, invoices, SAP integrations, plain-text passwords, and other information.
After gaining access to the unprotected server, the researchers observed that it leaked vast quantities of personal and financial data that included personally identifying information of customers such as names, email addresses, job titles, postal addresses, telephone numbers, and fax numbers.
Other data observed in the database included private API keys, bank information, payment details, usernames, unencrypted plain-text passwords, and machine and process information of clients’ internal systems that could prove invaluable for hackers.

Tech Data acted quickly to disable data-leaking server

“There were enough details in this leak wherein a nefarious party could easily access users’ accounts – and possibly gain access to the associated permissions for said accounts. As Tech Data is such a significant player in the industry, the exposed database left it vulnerable to competitors looking to gain an unfair advantage and for hackers to take control of the systems, exploiting it with ransomware and the like,” said vpnMentor.
The firm observed that the data leak was easily preventable and all that Tech Data had to do was add password security to the server, implement proper access rules, and not leave it open to the Internet without authentication. However, the company did act quickly by closing down the server within 48 hours of being informed by vpmMentor researchers about the leak.
“It’s worth noting that Tech Data’s team was very professional in handling news of the leak and asked the real questions to solve the problem. We commend their expertise and dedication,” the firm added.
Even though Tech Data hasn’t issued a press release to confirm that the data leakage has been plugged, a company spokesman said that within hours of the company learning about the incident, the security vulnerability was corrected, and the server was disabled.
ALSO READ: Insurance giant First American leaked 885 million personal data records

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]