Samsung, Rolls-Royce Information Exposed by Leaky Database, Security Firm Says

[InfoSec News <alerts () infosecnews org>]

https://www.gizmodo.co.uk/2020/05/samsung-rolls-royce-information-exposed-by-leaky-database-security-firm-says/

By Dhruv Mehrotra
gizmodo.co.uk
18 May 2020

Hypothetically, if you, a criminal, wanted to steal millions of dollars from a 
corporation, one place to start might be figuring out who it owes money to. 
Does it pay rent on any of its offices? How often does it make payments on the 
expensive software or equipment it leases? Which overworked account executive 
handles these payments and what would it take for her – eager to get home to 
her three kids after a long week – to accidentally authorise payment to you 
instead of the accounts she manages?

While the kinds of information required to pull off this type of social 
engineering attack are typically guarded behind corporate firewalls, British 
cybersecurity firm TurgenSec discovered that a database of precisely this type 
of data was left completely open, visible to any hacker with a web browser who 
took the time to look.

The database, which belongs to lease management software from a company called 
LeaseSolution, contains 6 million database entries detailing confidential 
business information from nine companies including Samsung and Rolls-Royce, 
according to TurgenSec researchers.

The database appears to have now been taken offline. LeaseSolution did not 
respond to Gizmodo’s request for comment. We have reached out to Samsung and 
Rolls-Royce and will update when we hear back.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_