(215) 792-6676

"Major Data Leak" Discovered at Fortune 500 Tech Data Corporation

“Major Data Leak” Discovered at Fortune 500 Tech Data Corporation

//
Posted By
/
Comment0
/
Categories

Reportedly, “[t]he research team at vpnMentor discovered a major data leak at the Tech Data Corporation (NASDAQ: TECD), a Fortune 500 company providing tech products, services, and solutions globally.” Further,“vpnMentor’s researchers, led by security researchers Noam Rotem and Ran Locar, identified the consequential data breach that exposes access to 264GB of Tech Data’s client servers, invoices, SAP integrations, plain-text passwords, and much more.” [Emphasis added.]

vpnMentoralso reported that “Tech Data – the 45 year old veteran infrastructure solutions company working with vendors such as Apple, Cisco, Samsung, Symantec, et al – had a full database leak that seemed to affect much of the corporate and personal data of clients and employees.”  According to vpnMentor, the data included, among other things, private API keys, bank information, payment details, and user names and unencrypted passwords.

According to Techcrunch.com,

[t]he server was running a database used for logging internal company events for its StreamOne cloud service, which let customers buy cloud services from a variety of providers and vendors. The logging data contained error data that Tech Data staff can use to troubleshoot issues that arise when customers try to buy service online.

But the tech giant did not put a password on the server, allowing anyone with a web browser to look over daily logs for the last several months.

. . . 

TechCrunch also obtained a portion of the records, which [was] examined for authenticity.

The database contained an array of data, but [TechCrunch] found large swathes of customer data, including names, postal addresses and email addresses, job titles and invoicing data and receipts. The records also contained partial payment information, such as card type, cardholder names and expiry dates.

Aside from obfuscated card numbers, none of the data was encrypted.

It’s not known exactly how many customer records are in the database. The portion of data . . . obtained contained data on tens of thousands of customers — but the database was vastly bigger in size. [Emphasis added.]

Kehoe Law Firm, P.C.