Wednesday, September 27, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Xenomorph Android Banking Trojan Makes Landfall in US
  • Cyber Week 2023 & The Israel National Cyber Directorate Presents - Embracing the Quantum Computing Revolution: Unleashing the Opportunities for Cybersecurity
  • RagnarLocker Ransomware, LokiLocker Ransomware, and More: Hacker’s Playbook Threat Coverage Round-up: September 27th, 2023
  • Exposing A Portfolio of Personally Identifiable Email Address Accounts from An E-Shop for Stolen Credit Card Details
  • 3 Key Telltales That Unmask the Reach of SMS Fraud
Data Security Identity & Access SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » Fortune 500 Company Addresses Weakness Behind 264GB Data Leak

SBN

Fortune 500 Company Addresses Weakness Behind 264GB Data Leak

by David Bisson on June 7, 2019

A Fortune 500 company has addressed a security weakness responsible for a data leak that exposed 264GB worth of information.

AWS Builder Community Hub

On 2 June, vpnMentor security researchers Noam Rotem and Ran Locar discovered that a log management server owned by global technology distributor Tech Data Corporation did not require any authentication. This made it possible for anyone to view the server’s data at the time of discovery.

Rotem and Locar took a look inside the server and found that it contained 264 gigabytes worth of corporate information as well as personal data including names, email addresses and private API keys. There was also exposed machine and process information of clients’ internal systems, data which digital attackers could have used to target customers.

In their analysis of this information, the researchers found that the level of risk extended beyond the threat of a competitor using the exposed server to gain a business advantage. As they wrote in a blog post:

With a simple search of the exposed database, our researchers were able to find the payment information, PII, and full company and account details for end-users and managed service providers (MSPs) – including for a criminal defense attorney, a utilities service provider, and more. There were enough details in this leak wherein a nefarious party could easily access users’ accounts – and possibly gain access to the associated permissions for said accounts.

Upon discovering the data leak, Rotem and Locar contacted Tech Data Corporation. The distributor responded within two days and fixed the leak that same day, a quick remediation time that prompted the researchers to praise the company for having acted “professional in handling news of the leak and [having] asked the real questions to solve the problem.”

Bobby Eagle, a spokesman for Tech Data Corporation, told Bank Information (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/fortune-500-company-addresses-weakness-behind-264gb-data-leak/

June 7, 2019June 7, 2019 David Bisson Data leak, IT Security and Data Protection, Latest Security News, Password, Server
  • ← BeiTaAd Adware Hidden in Google Play Apps | Avast
  • RCE Using Caller ID – Multiple Vulnerabilities in FusionPBX →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Thu 28

A Guide to Smart Dependency Management

September 28 @ 12:00 pm - 1:00 pm
Oct 03

Way Too Vulnerable: Uncovering the State of the Identity Attack Surface

October 3 @ 11:00 am - 12:00 pm
Oct 11

ASPM: Leveling the AppSec Playing Field

October 11 @ 1:00 pm - 2:00 pm
Oct 16

Shadow Access: Where IAM Meets Cloud Security

October 16 @ 3:00 pm - 4:00 pm
Oct 17

Securing Cloud-Native Applications Across the Software Development Life Cycle

October 17 @ 11:00 am - 12:00 pm
Oct 18

Live Workshop on ‘SCA 2.0’: Using Runtime Analysis to Find High-Risk SCA Vulnerabilities

October 18 @ 12:00 pm - 1:30 pm
Oct 19

Managing Security Posture and Entitlements in the Cloud

October 19 @ 1:00 pm - 2:00 pm
Oct 24

When Seconds Matter: Real-Time Cloud Security With AWS and Sysdig

October 24 @ 11:00 am - 12:00 pm
Oct 24

Reporting From the Pipeline: The State of Software Security in DevOps

October 24 @ 1:00 pm - 2:00 pm
Oct 26

How to Shift Left the Right Way

October 26 @ 3:00 pm - 4:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator
Data Security Posture Management: What’s Fact and What’s Fiction?
China Accuses US of Years of Cyber-Spying, Malware Campaigns
Signal Intros Quantum-Resistant Encryption for App
Don’t Ignore Data Sovereignty
Improve Your Organization’s Cloud Infrastructure with PeoplActive’s Cloud Consulting Services
A Guide to Understanding the Three CMMC Levels
The Role of AI and Machine Learning in Strengthening Cloud Security
Web Application Firewall vs Firewall: What You Need to Know
Mastering the Art of Vulnerability Prioritization: A Step-by-Step Guide

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

Xenomorph Android Banking Trojan Makes Landfall in US
Application Security Cybersecurity Data Security Featured Identity & Access Industry Spotlight Malware Mobile Security News Security Boulevard (Original) Spotlight Threats & Breaches 

Xenomorph Android Banking Trojan Makes Landfall in US

September 26, 2023 Jeffrey Burt | Yesterday 0
More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator
Analytics & Intelligence API Security Application Security AppSec Cloud Security Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security Deep Fake and Other Social Engineering Tactics Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Insider Threats Malware Mobile Security Most Read This Week Network Security News Popular Post Regulatory Compliance Securing the Cloud Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Social Engineering Software Supply Chain Security Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator

September 25, 2023 Richi Jennings | 1 day ago 0
Google: Chromebooks Will Get 10 Years of Software, Security Updates
Application Security Cybersecurity Data Security Endpoint Featured Industry Spotlight Malware Mobile Security Network Security News Security Boulevard (Original) Spotlight 

Google: Chromebooks Will Get 10 Years of Software, Security Updates

September 19, 2023 Jeffrey Burt | Sep 19 0

Top Stories

‘All of Sony’ Hacked, Claims Ransomed.vc Group
Analytics & Intelligence Application Security AppSec Blockchain CISO Conversations CISO Suite Cloud Security Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security Deep Fake and Other Social Engineering Tactics DevSecOps Digital Currency Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Malware Most Read This Week Network Security News Popular Post Ransomware Securing the Cloud Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

‘All of Sony’ Hacked, Claims Ransomed.vc Group

September 26, 2023 Richi Jennings | Yesterday 0
Data Breaches from MOVEit Zero-Day Still Piling Up
Cybersecurity Data Security Featured Incident Response Malware Network Security News Security Boulevard (Original) Spotlight Threats & Breaches 

Data Breaches from MOVEit Zero-Day Still Piling Up

September 25, 2023 Jeffrey Burt | 1 day ago 0
Qakbot Takedown Resembles Hack Back, Will Botnet, Malware Be Resurrected?
Analytics & Intelligence Application Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Malware News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Qakbot Takedown Resembles Hack Back, Will Botnet, Malware Be Resurrected?

September 25, 2023 Teri Robinson | 1 day ago 0

Security Humor

Daniel Stori's ‘Forked’

Daniel Stori’s ‘Forked’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.