Updated: The data leak impacted Tech Data's client servers, SAP systems, and more.
By Charlie Osborne for Zero Day | June 7, 2019 — 10:39 GMT (18:39 GMT+08:00) | Topic: Security
A veteran Fortune 500 company has plugged a data leak which exposed 264GB in client and business data to the public.
Tech Data, an IT infrastructure company with over 45 years in the business and $37.2 billion in sales for the 2019 fiscal year, was the source of the leak, vpnMentor researchers Noam Rotem and Ran Locar said in a blog post on Thursday.
According to the team, a log management server was leaking system-wide information. After discovering the server through vpnMentor's web mapping project, the company took a sample of the leaked information, which was "a serious leak as far as we could see."
"With a simple search of the exposed database, our researchers were able to find the payment information, PII, and full company and account details for end-users and managed service providers (MSPs) — including for a criminal defense attorney, a utilities service provider, and more," vpnMentor says.
Private API keys, bank and payment information, usernames and unencrypted passwords, and process information relating to Tech Data clients' internal systems and SAP builds were exposed.
In addition, the Personally Identifiable Information (PII) of employees was available, including their full names, job titles, email addresses, physical addresses, as well as telephone and fax numbers.
Reseller contact and invoice data, payment and credit card information, and internal security logs were also leaked.
Due to the 264GB size of the database, only a small sample was taken, and so other forms of information may have also been made public.
"There were enough details in this leak wherein a nefarious party could easily access users' accounts — and possibly gain access to the associated permissions for said accounts," the researchers said.
The exposed database was discovered on June 2, 2019, and Tech Data was informed on the same day. The Fortune 500 firm responded to vpnMentor requests on June 4 and on the same day the leak was fixed.
In related news, last month vpnMentor researchers uncovered an unsecured database containing 85.4GB of security audit logs which appear to belong to Pyramid Hotel Group clients including Marriott, Sheraton, Plaza, and Hilton Hotel locations.
While Pyramid would not confirm the company owned the server, shortly after private disclosure, access to the leaking database was revoked.
Update 14.08 BST: A Tech Data spokesperson told ZDNet:
Tech Data recently learned of a security vulnerability involving a server associated with our StreamOne marketplace. Within hours of learning of this, the security vulnerability was corrected, and the server was disabled.
Based on what we know at this time, there is no evidence that the data stored on the affected server was misused for any unauthorized transactions or other fraud. We are continuing to investigate this incident and will satisfy all data reporting requirements, as needed.
We do not store any credit card numbers or bank account details in the StreamOne marketplace. Importantly, no credentials necessary for logging into StreamOne or other Tech Data customer accounts were included on the server.