Exposed Frost & Sullivan databases for sale on hacking forum


Frost &  Sullivan

U.S. business consulting firm Frost & Sullivan was breached after data from an unsecured backup folder exposed on the Internet was sold on a hacker forum.

Frost & Sullivan is a business consulting firm that assists companies in growth strategy, market research, on corporate training. With 40 locations throughout the world and over 1,800 employees, Frost & Sullivan is a well-known consulting firm.

On Monday, a group known as ‘KelvinSecurity Team’ posted to a hacker forum stating that they were selling various databases related to Frost & Sullivan’s employees and customers.

KelvinSecurity states that they are ‘Business Intelligence Contractors’, but a report by InfoArmor describes them as a group known for less legal activities.

In the forum post, the group states that the data being sold includes 6,000 customer records and 6,146 records for companies.

Post on a hacker forum
Post on a hacker forum

In a conversation with Beenu Arora, CEO of cybersecurity intelligence firm Cyble, BleepingComputer was told that the data breach was caused by an unsecured backup folder that contained databases and company documents.

“The breach occurred to a misconfigured backup directory on one of Frost and Sullivan public-facing servers. The backup directory had its employees and customers records, along with other confidential information,” Arora told BleepingComputer.com.

The customer database contained information such as the client name, email address, the company contact, whether they are confidential, and other non-sensitive data.

On the other hand, the exposed employee database had more sensitive information such as first and last names, login names, email addresses, and hashed passwords.

Exposed Frost & Sullivan employee data
Exposed Frost & Sullivan employee data

KelvinSecurity says they tried to contact Frost & Sullivan

In a conversation with KelvinSecurity Team, BleepingComputer was told that the exposed folder was discovered during a “daily monitoring routine” and included “the data of employees and clients among other tables that identify access as administrator.”

When asked why they were selling the data, they stated that they had tried to contact the company but received no response. To generate ‘alarm,’ they decided to sell the data to get Frost & Sullivan to respond.

“It was not a purpose to take a database and sell it. We have tried to get in contact, but like many companies, they do not answer our requests, and we sell the database to generate an alarm and quote with these companies,” KelvinSecurity Team told BleepingComputer.

KelvinSecurity claims that they have not sold the data and are hoping the Frost & Sullivan contact them “to solve and eliminate the sale attempt.”

Cyble Inc has told BleepingComputer that at this point, it does not matter as the backup folder has been secured and is no longer exposed online.

BleepingComputer has contacted Frost & Sullivan with questions about this data breach but has not received a reply.



Source link

Recent articles

Coronavirus Live Updates: Trump Pushes for Schools to Reopen

As U.S. infections hit 3 million, the Trump administration presses local officials to reopen classrooms in the fall.As the total number of coronavirus...

How New Zealand’s media endangered public health | Coronavirus pandemic

New Zealand's health minister, David Clark, has been forced to resign and the nation's hyperactive media have claimed their latest scalp. In the...

How Do You Tell Your Child He Is Undocumented?

When Excel comes back nine months later, he surprises Maxima at home: She jumps up with “a switchblade aimed right at him,” mistaking...

PlayStation Store Update Worldwide – July 7, 2020

Each week Sony brings PlayStation 4, PlayStation 3, PlayStation Vita and PlayStation Portable owners new content, add-ons, games and more. PlayStation LifeStyle catalogs...

SAA pilots isolated as other unions gradually back severance scheme | News

South African Airways unions have largely indicated acceptance of voluntary severance packages as part of the airline’s rescue, after the government warned that...

2014 FIFA World Cup™ – News – Behind the World Cup record: Miroslav Klose

​Miroslav Klose broke Ronaldo's record on this day in 2014 He did it in front of the Brazilian's eyes Klose set...

Leave a reply

Please enter your comment!
Please enter your name here