Incident Details
An IT enterprise based in South Korea that develops and markets software for businesses has inadvertently revealed more than 50 million sensitive records. The Kibana dashboard, which is 2 terabytes in size, has been accessible for a period exceeding two years. Researchers at Cybernews uncovered this issue in January 2023 after identifying the dataset as early as June 2021. Regrettably, the company has yet to reply to the disclosure notifications and interview requests from Cybernews. This exposed dashboard holds a significant amount of data that could potentially be exploited by malicious entities. The dataset consists of over 56 million records, although there are some duplicate entries.
Incident
How Did the Breach Happen?
A data breach occurred due to the inadvertent exposure of a Kibana dashboard with a capacity of 2 terabytes, which included confidential information. This dashboard had been unintentionally accessible for a period exceeding two years until it was detected by researchers from Cybernews in January 2023.
What Data has been Compromised?
More than 50 million confidential records have been exposed in the security breach. The compromised information consists of employee details such as names, email addresses, and phone numbers, as well as employee and employment contract identifiers. Additionally, the leaked data includes the contents of attachments that were sent, metadata from shared files, employee IP addresses, user agents, URLs of internal tools that were accessed, and messages related to internal issue tracking.
Why Did the company's Security Measures Fail?
The security measures of the company were ineffective as the Kibana dashboard was left exposed for a period of more than two years without being noticed or addressed. Despite receiving notification emails and requests for comments from Cybernews, the company did not take any action, resulting in the dashboard containing sensitive data being accessible and at risk of being exploited.
What Immediate Impact Did the Breach Have on the company?
The exact consequences of the security breach are not clearly stated in the information available. It is possible that the breach led to harm to the company's reputation and potential financial setbacks. Nonetheless, lacking precise information makes it challenging to ascertain the specific immediate effects.
How could this have been prevented?
Enhancing security measures, like conducting routine system checks for vulnerabilities, promptly addressing security alerts, and enforcing robust access controls and authentication processes, could have averted this breach. Furthermore, providing comprehensive training to employees on data security and response procedures could have played a crucial role in preventing the incident.
What have we learned from this data breach?
This incident underscores the significance of promptly addressing security alerts, consistently monitoring systems, and providing adequate training to employees on data security. It also emphasizes the importance of maintaining robust access controls and authentication methods to safeguard sensitive data.
Summary of Coverage
Tmax, a company that specializes in enterprise software, recently encountered a security incident in which more than 50 million confidential records were exposed through a public 2 TB Kibana dashboard. This breach remained unnoticed for a period exceeding two years until it was brought to light by researchers at Cybernews in January 2023. The company's inaction and inadequate protection of the dashboard left room for the potential misuse of the leaked data. To avert such breaches, it is essential to enhance security protocols and promptly address security warnings.