Skip to main content

More than 82M records exposed by an enterprise software developer

An image of a hand grabbing the word "password" (written in red) set against a background of binary code.

Join us in Atlanta on April 10th and explore the landscape of security workforce. We will explore the vision, benefits, and use cases of AI for security teams. Request an invite here.


Correction at 12:00 p.m. Pacific: An earlier version of this story misstated in the headline that Whole Foods’ customer records had been exposed in this breach. Whole Foods assures that no customer records have been jeopardized. We regret this error.

 

In early July, security researcher Jeremiah Fowler, in partnership with the CoolTechZone research team, discovered a non-password-protected database that contained more than 82 million records.

The records had information that referenced multiple companies, including Whole Foods Market (owned by Amazon) and Skaggs Public Safety Uniforms, a company that sells uniforms for police, fire, and medical customers all over the United States.

VB Event

The AI Impact Tour – Atlanta

Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
Request an invite

The logging records exposed numerous customer order records, names, physical addresses, emails, partial credit card numbers, and more. These records were marked as “Production.”

Overall, the size of the leaked data is approximately 9.57GB. The total number of records when first discovered (between April 25 and July 11) was 28,035,225. After the notice was sent (between April 25 and July 30), the total number of records rose to 82,099,847.

What do logging records tell us?

There were millions of logging records that did not have any specific order, so it is hard to fully understand just how many individuals were affected.

The Whole Foods records identified internal user IDs of their procurement system, IP addresses, and what appear to be authorization logs or successful login records from an activity monitoring system.

Other logs had references to Smith System, a school furniture manufacturer, and Chalk Mountain Services, a trucking leader in the oilfield services industry.

The majority of the payment and credit records appeared to be connected to Skaggs Public Safety Uniforms. They operate multiple locations and have offices in Colorado, Utah, and Arizona. CoolTechZone ran several queries for words such as “police” and “fire” and could see multiple agencies as well as their orders, notes, and customization requests.

Logging can identify important security information about a network. The most important thing about monitoring and logging is to understand that they can inadvertently expose sensitive information or records in the process.

Reviewing logs regularly is an important security step that should not be overlooked, but often is. These reviews could help identify malicious attacks on your system or unauthorized access.

Unfortunately, because of the massive amount of log data generated by systems, it is often not logical to manually review these logs, and they get ignored. It is vital to ensure that records are not kept for longer than is needed, sensitive data is not stored in plain text, and public access is restricted to any storage repositories.

How is this dangerous for users?

The real risk to customers is that criminals would have insider information that could be used to socially engineer their victims.

As an example, there would be enough information to call or email and say, “I see you just purchased our product recently, and I need to verify your payment information for the card ending in 123.” The unsuspecting customer would have no reason to doubt the verification because the criminal would already have enough information to establish trust and credibility.

Or, using a “Man in the Middle” approach, the criminal could provide invoices to partners or customers with different payment information so that the funds would be sent to the criminal and not the intended company.

Internal records can also show where data is stored, what versions of middleware are being used, and other important information about the configuration of the network.

This could identify critical vulnerabilities that could potentially allow for a secondary path into the network. Middleware is considered “software glue” and serves as a bridge between two applications. Middleware can also introduce added security risks.

Using any third-party application, service, or software creates a scenario where your data may be out of your control. As is commonly said, “data is the new oil,” and it is extremely valuable.

Often, when there is a data exposure, it happens because of human error and misconfiguration, not malicious intent. CoolTechZone would highly recommend changing all administrative credentials in the event of any data exposure to be on the safe side.

It is unclear exactly how long the database was exposed and who else may have gained access to the publicly accessible records. Only a thorough cyber forensic audit would identify if the dataset was accessed by other individuals or what activity was conducted.

It is also unclear if clients, customers, or authorities were notified of the potential exposure.

 

Syndicated content note: Jeremiah Fowler is a cybersecurity researcher and the co-founder of Security Discovery. He has spent over a decade in the tech industry

This story originally appeared on Cooltechzone.com. Copyright 2021

VB Daily - get the latest in your inbox

Thanks for subscribing. Check out more VB newsletters here.

An error occured.