This year, the topic of cybersecurity has been particularly sensitive. Big companies such as AT&T, T-Mobile, the New York Times, and even Google confirmed data breach incidents. In most cases, the affected data is from years ago but may still be relevant to malicious third parties. Now, researchers discovered another massive data breach in ServiceBridge that exposed information from both businesses and individuals.
ServiceBridge is a field service management platform. These types of companies provide services that help manage common requirements and processes, such as pest control or maintenance personnel, among other things. Therefore, many companies turn to ServiceBridge, granting it access to third-party personal data. One would think that, when handling such sensitive information, the platform would boast strict security controls and protocols. Unfortunately, that was not the case.
Millions of files with sensitive data from ServiceBridge were freely available
Jeremiah Fowler, a security researcher, found a massive database with 31,524,107 files on the Internet. Surprisingly, the ServiceBridge database was freely available without any kind of protection. So, the 2.68 TB of data did not require any kind of security authentication. The massive data breach exposed sensitive information from companies in the US, Canada, and the UK.
The leak included many records and personal data of the staff of businesses that used ServiceBridge services. According to a Cybernews report, Fowler discovered “names, physical addresses, email addresses, phone numbers, and partial credit card data.” There is even more compromising or potentially dangerous data, such as “images of the inside and outside of properties or businesses.” Furthermore, the exposed information from medical companies includes “HIPAA patient consent forms and medical equipment agreements,” which contain sensitive information from all parties involved.
Exposed data could facilitate targeted invoice fraud or even physical attacks
The exposed data is from 2012, but as in other cases, it may still be relevant today. For example, malicious actors could have taken advantage of it to launch invoice fraud attacks on businesses. In 2022 alone, these types of attacks caused losses of more than $300,000 to American companies. Businesses in the United Kingdom have also seen a rise in invoice fraud in recent times.
The available information could facilitate targeted attacks, making them more dangerous and credible. Plus, the images of the properties could potentially jeopardize the physical integrity of those impacted. After receiving notice of the incident, ServiceBridge removed the exposed database. However, it is not known how long it was freely available on the Internet without any kind of protection.
The post Massive data breach exposed 32M business and personal files appeared first on Android Headlines.