New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Indian IT Firm Exposes Sensitive Information

HCL is an Indian IT powerhouse that employs nearly 138,000 people and is also one of the top 20 publicly traded companies in the country of India. Recently it was discovered that the firm left sensitive customer and employee information open to the public. The first discovery was a file that contained keywords of customers and required no authentication to access, but the worst part is that it was found on a subdomain owned by HCL. Through further investigation of the page, researchers were able to find other pages which contained business and personal data which were also able to be viewed by anyone. At least two of the domains were exposing employee information. The first page was a dashboard that displayed 364 new employee records such as candidate ID, name, phone number, start date, start location, their recruiter’s SAP code, recruiter name, created date, username, password in cleartext, BGV status, offer accepted, and a link to the candidate form. The other page pertaining to employees gave away names and SAP codes of over 2,800 staff members. The company’s reporting system, SmartManage, had also been giving away Internal Analysis Reports, Weekly Customer Reports, and Installation Reports in regard to their clients. Luckily enough HCL employs a Data Protection Officer which many companies do not. So when they were notified of the instance, they were very quickly able to remedy the situation. Be on the lookout for a statement to be released by HCL in relation to this situation.

Analyst Notes

Thankfully HCL was very quick to fix the situation but it is unclear how long the information was exposed. Since information like mobile numbers and cleartext passwords belonging to employees were included, users should be aware that SMS scam attempts may increase and they should be vigilant when receiving texts from unknown numbers. Also, since passwords were included as well, they should be changed immediately and if that password was used to log on to any other account that password should be changed too.