A group known as KelvinSecurity Team has posted various databases related to Frost and Sullivan, a business consultancy firm. As per Cyble via BleepingComputer, the databases were obtained by capturing a misconfigured folder, that was exposed online. Though it’s set-up for sale, the exposing group intends to be contacted by Frost and Sullivan and know their faults.
A Misconfigured Folder!
Companies often fall in the trap of exposing their unencrypted databases online. This may not be realized until someone scrapes the important details out of it, and starts selling it to someone else. One such incident is the case of Frost and Sullivan’s, a fairly popular business consulting services firm. It’s assists clients in market research, corporate training, growth strategy, etc, and is having 1,800 employees working across 40 countries.
Cyble, a cybersecurity firm reported that one of the back-up folders belonging to the firm was unsecured and exposed online, that contained company information and databases. It was found by KelvinSecurity Team while doing a daily monitoring routine. The group is now selling the discovered database in a hacker forum.
The seller is more of an attention seeker rather than an adversary. The KelvinSecurity Team in a chat with BleepingComputer said,
“It was not a purpose to take a database and sell it. We have tried to get in contact, but like many companies, they do not answer our requests, and we sell the database to generate an alarm and quote with these companies.”
The seller claims that they haven’t sold the database to anyone yet, and are waiting to be contacted by Frost and Sullivan. The database in the deal has two sets of information, employees and customers. While the customers’ database has client name, email address, and the company contact, the employees’ database has first and last names, login names, email addresses, and hashed passwords.