By Waqas
February 4, 2023 Source: Hack Read Photo / Image Source: Unsplash,
The cause of the data leak is an ongoing server misconfiguration, identified by researchers on Shodan, the search engine for IoT devices. The misconfigured server is still exposing the data, and there has been no response from the company since their only contact email address available to the public is bouncing back all emails. India’s largest truck brokerage and freight delivery company, FR8, is facing a serious data leak problem. According to the IT security researcher Anurag Sen working with Italian cyber security firm FlashStart, the organization has exposed more than 140 gigabytes of data, which is available to the public without any password or security authentication.
According to Hackread.com, the leaked data includes sensitive information such as customer records, invoices, and payment details across India. Not only that, but it also contains other personal information, such as names, addresses, and contact numbers of both customers and employees.
FR8 claims to be “India’s largest truck transport service company,” currently operating in over 60 cities across the country.
Anurag discovered the server on Shodan while searching for misconfigured cloud databases on January 30th, 2023. The researchers informed FR8 about the leak, but they did not receive any response. Their only contact email address available to the public is bouncing back all emails.
For your information, Shodan is an OSINT tool and a specialized search engine used by cybersecurity researchers to locate vulnerable Internet of Things (IoT) devices, including servers and misconfigured databases on the internet.
As for FR8, what is worse, at the time of writing, the server is still live and is exposing the following details:
Full name
Mobile number
Internal document
Delivery Full address
Bank payment details
Delivery Vehicle Details
Internal employee details
India has a server misconfiguration issue With a population of over 1.4 billion people, India is a lucrative place for businesses to invest and for cybercriminals to target. The more investment there is, the more widespread and vulnerable the IT infrastructure becomes.Just a couple of weeks ago, Hackread.com exclusively reported on how an Enterprise Resource Planning (ERP) software provider had exposed half a million Indian job seekers’ data.
Last year, several top data exposure-related incidents involving tens of millions of victims were reported from India. These included Covid antigen test results, Indian Federal Police and banking records, MyEasyDocs, online packaging marketplace Bizongo, and more. Impact Since the server is live and there has been no response from the company, the chances of misuse and abuse of data are high if it gets into the hands of a third party with malicious intent.
While the data can be exploited to carry out identity theft-related fraud, hackers can hold the company’s server or data for ransom and leak it on cybercrime forums if their demands are not met.
Misconfigured Databases – Threat to Privacy As we know, misconfigured or unsecured databases have become a major privacy threat to companies and unsuspecting users. In 2020, researchers identified over 10,000 unsecured databases that exposed more than 10 billion (10,463,315,645) records to public access without any security authentication.
In 2021, the number of exposed databases increased to 399,200. The top 10 countries with the most database leaks due to misconfiguration in 2021 included the following:
USA – 93,685 databases
China – 54,764 databases
Germany – 11,177 databases
France – 9,723 databases
India – 6,545 databases
Singapore – 5,882 databases
Hong Kong – 5,563 databases
Russia – 5,493 databases
Japan – 4,427 databases
Italy – 4,242 databases
How can such practices impact your health? Why? How?
Share the wealth of health with your friends and family by sharing this article with 3 people today.
If this article was helpful to you, donate to the Shidonna Raven Garden and Cook E-Magazine Today. Thank you in advance.