HQ/EMEAFind out how we can help your business
One of the most prominent IT firms specialising in enterprise software, TmaxSoft, has unintentionally leaked a whopping two terabytes of data.
Based on reports, the compromised dataset contains over 50 million sensitive records. Researchers discovered in January an exposed Kibana dashboard that has been vulnerable for over two years that caused the massive data leak. The researchers reported this vulnerability to TmaxSoft earlier this year.
However, the company has remained silent despite the warnings of the exposed dashboard, leaving the treasure trove of information accessible to potential threat actors. The exposed dataset, totalling over 56 million records, contains critical information such as employee names, emails, phone numbers, employment contract numbers, and even the contents of sent attachments in various formats like docx and pdf.
The leaked data goes beyond basic employee details since it also included metadata of sent binaries, including executable names, file paths, and version information. Furthermore, the exposure of employee IPs, user agents, URLs of accessed internal tools, and internal issue tracking messages is even more concerning since these provide a comprehensive view of the company’s inner workings.
The inadvertent data leak that happened at TmaxSoft could breed various cybercriminal attacks.
Experts believe that the TmaxSoft data leak incident could have significant repercussions for every relevant individual to the company. These exposed troves of data could allow threat actors to understand their target better and choose specific employees to impersonate, potentially gaining access to critical tools.
Given the company’s expertise in middleware solutions for helping companies leverage critical data, the leaked information could enable threat actors to start a supply chain attack, affecting both Tmax clients and providers.
Furthermore, the company’s claim of partnering with major tech entities, including AWS, Google Cloud, Intel, VMware, and more, raises concerns about the extensive implications of the breach.
As of now, the leaked data, like company information and emails, requires urgent mitigation techniques to minimise the potential damage. TmaxSoft’s lack of response has prompted the researchers to seek assistance from The National Computer Emergency Response Team in Korea in patching the vulnerability and addressing the security lapse.
This incident is a developing story, and every relevant party intently awaits new details about the leaked information.
