Frost & Sullivan, one of the leading business consulting firms in the U.S., was breached after data from an unsecured backup folder was leaked on the Internet and sold on a hacker forum.
About Frost & Sullivan
Frost & Sullivan is a business consulting firm that helps companies with forming growth strategies, conducting market research, corporate training, and more. With a presence in about 40 locations throughout the world and a workforce of over 1,800 employees, the firm has quite an extensive network.
The incident dates to June 22, 2020, when a group known as ‘KelvinSecurity Team’ posted on a hacker forum. The post stated that they were selling various databases related to Frost & Sullivan’s employees and clients.
KelvinSecurity describes itself as ‘Business Intelligence Contractors’, but a report by InfoArmor describes the group as a team known for less legal activities.
In the forum post, the group stated that the data it holds contains 6,000 customer records and 6,146 records for companies.
Beenu Arora, CEO of cybersecurity intelligence firm Cyble, told BleepingComputer that the data breach happened due to an unsecured backup folder that contained databases and company documents.
“The breach occurred to a misconfigured backup directory on one of Frost and Sullivan public-facing servers. The backup directory had its employees and customers records, along with other confidential information,” Arora told BleepingComputer.com.
What’s in the data?
The leaked customer database included information such as the client name, email address, the company contact, whether they are confidential, and other non-sensitive data.
The exposed employee database, on the other hand, contains more sensitive information, such as first and last names, login names, email addresses, and hashed passwords.