According to this link, https://techcrunch.com/2019/
- The server contained 134 million rows of employee systems data from the company’s endpoint security service, containing technical details of each computer and device connected to the internal network
- The database has no password
- The data included which operating system a user was running, its unique network identifiers and IP address, the status of the endpoint protection, and which patches were installed
- What makes this data particularly dangerous in the hands of an attacker is that it shows you exactly where the soft spots are. This data contained enough identifiable information to make it extremely simple to locate specific high value employees and in the hands of an attacker this leaked data could be used to silently monitor for ways to launch very targeted attacks on those executives
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.