Threat Watch

Frost & Sullivan Consulting Firm Suffers Data Breach; Data Sold on Hacking Forum

The business consulting firm Frost & Sullivan had information belonging to their customers and employees posted for sale on a hacking forum by the group KelvinSecurity Team. The information comes from unsecured folders which included databases and documents belonging to the company. Each database includes 6,000 or more records with the customer database including client names, email addresses, the company contact, whether they are confidential, and other non-sensitive data. The database that included information related to employees was more sensitive–it exposed first and last names, login names, email addresses, and hashed passwords. While KelvinSecurity claims to be a Business Intelligence Contractor, their actions say otherwise. The group stated that they discovered the folders while carrying out daily monitoring and after the discovery, they attempted to reach out to Frost & Sullivan. After receiving no response from Frost & Sullivan, KelvinSecurity decided to post the databases for sale on a hacking forum, which they claim was to create a sense of urgency. Frost & Sullivan secured the backups so that they were no longer exposed online. Bleeping Computer reached out to Frost & Sullivan for comment but had not received a response at the time of writing the original article.

ANALYST NOTES

Unsecured folders and databases can cause many issues. The information included in them can be used for identity theft, phishing attacks, and account hijacking just to name a few. In order to protect these databases and folders, it’s important to use strong passwords and enable two-factor authentication. When attackers discover unsecured folders or databases online, they often do not attempt to notify the company whose data is exposed. Attackers may go directly to selling data on forums or underground marketplaces, so it is important to regularly monitor these sites to be aware when stolen data advertised for sale could be the first indication of an ongoing data breach.

Source: https://www.bleepingcomputer.com/news/security/exposed-frost-and-sullivan-databases-for-sale-on-hacking-forum/