The business consulting firm Frost & Sullivan had information belonging to their customers and employees posted for sale on a hacking forum by the group KelvinSecurity Team. The information comes from unsecured folders which included databases and documents belonging to the company. Each database includes 6,000 or more records with the customer database including client names, email addresses, the company contact, whether they are confidential, and other non-sensitive data. The database that included information related to employees was more sensitive–it exposed first and last names, login names, email addresses, and hashed passwords. While KelvinSecurity claims to be a Business Intelligence Contractor, their actions say otherwise. The group stated that they discovered the folders while carrying out daily monitoring and after the discovery, they attempted to reach out to Frost & Sullivan. After receiving no response from Frost & Sullivan, KelvinSecurity decided to post the databases for sale on a hacking forum, which they claim was to create a sense of urgency. Frost & Sullivan secured the backups so that they were no longer exposed online. Bleeping Computer reached out to Frost & Sullivan for comment but had not received a response at the time of writing the original article.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.