HomeNewsData Breach: Frost & Sullivan databases for sale in hacking forum

Data Breach: Frost & Sullivan databases for sale in hacking forum

-

We independently research, test, review, and recommend the best products—learn more about our process. If you buy something through our links, we may earn a commission. learn more

Last Updated on 29/07/2020 by TheDigitalHacker

One of the leading business consulting firms in the U.S., Frost & Sullivan, was breached after data from an unsecured backup folder which got leaked on the Internet was sold on a hacker forum.

About FROST AND SULLIVAN

Frost & Sullivan is a business consulting firm that helps corporates in forming growth strategies, conducting market research, corporate training, and many more. Having a presence in about 40 locations throughout the world and over 1,800 employee workforce, this firm has quite an extensive network.

The Hack

The incident is of June 22, 2020, when a group known as ‘KelvinSecurity Team’ pinged to a hacker forum. The post stated that they were selling various databases that were related to Frost & Sullivan’s employees and clients.

KelvinSecurity states themselves ‘Business Intelligence Contractors’, but a report by InfoArmor describes this group as a team known for less legal activities.

In the forum, the group has stated that the data it has contains  6,000 customer records and 6,146 records for companies.

While talking with Beenu Arora, CEO of cybersecurity intelligence firm Cyble, BleepingComputer was told that the data breach happened due to an unsecured backup folder that contained databases and company documents.

“The breach occurred to a misconfigured backup directory on one of Frost and Sullivan public-facing servers. The backup directory had its employees and customers records, along with other confidential information,” Arora told BleepingComputer.com.

What’s there in the data?

The customer database, which is leaked, included information such as the client name, email address, the company contact, whether they are confidential, and other non-sensitive data.

On the other hand, the exposed employee database consists of even more sensitive information such as first and last names, login names, email addresses, and hashed passwords.

Image credit: identityforce.com

 

Mohit K
Mohit K
Mohit is a startup and technology enthusiast who loves writing about gadgets and tech businesses. He is currently pursuing his marketing studies at IIM, Delhi.
- Advertisment -

Must Read

edge-ai

Challenges and Opportunities in Deploying AI Solutions in Edge Computing Environments

0
Edge AI is a ground-breaking new paradigm that has the potential to completely change how companies run. Organizations can seize new chances for creativity,...