PII, credit card numbers and CVVs leaked in Fieldwork data leak
Cybersecurity specialists Noam Rotem and Ran Locar from security firm vpnMentor recently discovered an exposed database belonging to Fieldwork, an operations management software firm for small and medium-sized companies. Full research is available at the following .
Experts claim that they discovered a large amount of exposed data stored in the database. The compromised information included full names, phone numbers, email address, payment card details, among other Fieldwork customer data.
“We contacted the company immediately after we discovered the incident,” cybersecurity services experts say. “The Fieldwork IT security team behaved very professionally and efficiently; less than twenty minutes after reporting the leak, the database had been secured”, the experts added.
The most relevant thing about the find is an automatic login link that allowed any user to access the company’s backend system; records in the backend included sensitive customer details, as well as multiple data about the company’s administrative activities.
According to the experts, the database was exposed for about thirty days. In addition, experts found that access was possible to access the company’s user portal, a potentially dangerous factor, as threat actors could access all customer records stored by the company. As if that wasn’t enough, hackers could block the company’s access to these accounts by simply making some changes to the backend.
The International Institute of Cyber Security (IICS) cybersecurity services experts believe that, in the event of a threat actor using the information exposed, potential fraudulent actions would have a significant impact on both for companies that work with this software as well as for Fieldwork.
“When a hacker manages to infiltrate a company’s systems, the chances of compromising a company’s operations are immense. In addition, suspending its activities would cost the company thousands of dollars in losses, not to mention the possibility of confidential customer data reaching the wrong hands,” the researchers added.
Originally published at https://www.securitynewspaper.com on July 8, 2019.
