Enterprise software developer exposed 82 million logging records, among them Amazon-owned company
In early July, Security Researcher Jeremiah Fowler, in partnership with the Cooltechzone research team, discovered a non-password-protected database that contained over 82 million records.
The records had information that referenced multiple companies, including Whole Foods Market (owned by Amazon) and Skaggs public safety and uniform company that sells uniforms for Police, Fire, and Medical customers all over the United States.
The logging records exposed a large number of customer order records, names, physical addresses, email, and partial credit card numbers, and more. These records were marked as “Production”.
Table of Contents:
The size of leaked data is following:
- Total Size: 9.57 GB
- Total Records when first discovered: 28,035,225 (4/25- 7/11)
- Total Records when notice was sent 82,099,847 (4/25- 7/30)
- Logging records that expose user internal user names and customer data
- Visa, MasterCard, American Express: Partial credit card information, authorization tokens, codes, other transaction data
- Security and administrative data that could be used to bypass credentials
- This information could be used in a phishing attack internally or to send fake invoices to customers using internal records. Enough information to create a successful Man-in-the Middle Attack
- Internal notes about business processes. The files also show where data is stored and a blueprint of how the network operates from the backend.
These were millions of logging records that did not have any specific order, so it is hard to fully understand just how many individuals were affected.
The Whole Foods records identified internal user IDs of their procurement system, IP addresses, and what appear to be authorization logs or successful login records from an activity monitoring system.
Other logs had references to Smith System, a School Furniture manufacturer, and Chalk Mountain Services, a trucking leader in the Oilfield Services Industry.
The majority of the payment and credit records appeared to be connected to Skaggs Companies public safety and uniform. They operate multiple locations and have offices in Colorado, Utah, and Arizona. We ran several queries for words such as police and fire and could see multiple agencies and their orders, notes, and customization requests.
Logging can identify important security information about a network. The most important thing about monitoring and logging is to understand that they can inadvertently expose sensitive information or records in the process.
Reviewing logs regularly is an important security step that should not be overlooked, but often is. These reviews could help identify malicious attacks on your system or unauthorized access.
Unfortunately, because of the massive amount of log data generated by systems, it is often not logical to manually review these logs, and they get ignored. It is vital to ensure that records are not kept for longer than is needed, sensitive data is not stored in plain text, and public access is restricted to any storage repositories.
The real risk to customers is that criminals would have insider information that could be used to socially engineer their victims.
As an example, there would be enough information to call or email and say, "I see you just purchased our product recently and I need to verify your payment information for the card ending in 123". The unsuspecting customer would have no reason to doubt the verification because the criminal would already have enough information to establish trust and credibility.
Or, using a "Man in the Middle" approach, the criminal could provide invoices to partners or customers with different payment information so that the funds would be sent to the criminal and not the intended company.
Internal records can also show where data is stored, what versions of middleware are being used, and other important information about the configuration of the network.
This could identify critical vulnerabilities that could potentially allow for a secondary path into the network. Middleware is considered “software glue” and serves as a bridge between two applications. Middleware can also introduce added security risks.
Using any 3rd party application, service, or software creates a scenario where your data may be out of your control. As we always say, "data is the new oil," and it is extremely valuable.
Often when there is a data exposure, it happens because of human error, misconfiguration, and not malicious intent. We would highly recommend changing all administrative credentials in the event of any data exposure to be on the safe side.
It is unclear exactly how long the database was exposed and who else may have gained access to the publicly accessible records. Only a thorough cyber forensic audit would identify if the dataset was accessed by other individuals or what activity was conducted.
It is also unclear if clients, customers, or authorities were notified of the potential exposure.
According to their website, ProQuality offers enterprise Dev-Ops platform services for a wide range of business solutions.
Windfall ERP is a premier product from ProQuality offering ERP solutions for manufacturing, distribution, and retail. Enterprise Resource Planning (ERP) is the integrated management of main business processes, procurement, retail sales, etc.
Their website also lists well-known clients such as American Airlines, Southwest Airlines, BNSF Railways, and others.
Disclaimer: We are not implying any wrongdoing by ProQuality, their partners, or clients and only highlighting our discovery to raise data protection awareness and promote cybersecurity best practices. We are not implying that any customers were ever at risk, and we publish our discoveries for educational purposes.