Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
An unprotected Cassandra instance containing user emails, SIP tokens, and physical locations was discovered on October 6th by Cybernews researchers. The dataset belongs to MetroGuild India`s metroleads.com and is thought to have been open for entire days.
According to the researchers, threat actors had more than enough time to feast on the data bounty inside, so from now on Metroleads customers should be on guard for phishing attacks or impersonation attempts.
The Incident in Numbers
4,500 user emails that belong to different companies were exposed and could be used by cybercriminals, as we speak, for a variety of attacks.
Inside the dataset, there were also 9,000 SIP tokens which were linked with user accounts. Session Initiation Protocol is used daily by billions of people all over the world when communicating with each other through mainstream apps such as Zoom and Whatsapp. These exposed data could lead to ongoing calls being hijacked or to threat actors impersonating one of the companies in cause.
It is equally unsettling that more than 800,000 user location and coordinate records were also a part of the open data set, along with information about the exact moment the users were in that specific place. This kind of information could be, according to Aras Nazarovas, one of the Cybernews researchers, used to track basically any employee of those companies.
“The location information could be used to track specific employees or high-ranking officers of these organizations.”, warns Nazarovas.
Besides all that, 432 entries of user device information were also in the dataset, with information about language settings and time zones included.
How are Open Datasets a Risk for Companies?
What happened in October at Metroleads is not an isolated case, nor is it the first leaky database that Cybernews researchers found. It also happens to the best and, more important, it might also happen to big market players that already took things seriously and adopted some cybersecurity for businesses measures to protect themselves from this kind of situation.
The bad news is that no matter how quickly a company reacts after discovering a database leak, it can never be sure they were quick enough to close it in time. Leaving a database open could have catastrophic consequences. The company could fall victim to a ransomware attack, could have its data stolen and used in malicious ways, which could lead to losing its clients` trust, or could even have their data deleted for good.
If you liked this article, make sure you follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
