South Korean Firm’s Email Leak Exposes Global Clients
Security researchers have discovered a South Korean company leaking highly sensitive client and personal emails, which has refused to engage with either them or journalists asking for more info.
Industrial pipe manufacturer DKLOK exposed an unprotected email database to the public internet, where white hat hackers from vpnMentor were able to probe it using simple port scanning techniques.
“Our team was able to access this database through a vulnerability in a peripheral system linked to their email hosting service, which has left its entire email database unsecured and unencrypted,” it explained in a blog post.
“The company uses an Elasticsearch database, which is ordinarily not designed for URL use. However, we were able to access it via browser and manipulate the URL search criteria into exposing schemata from a single index at any time.”
What they found was highly sensitive information about DKLOK’s operations, products and client relations. This included private emails between employees and clients featuring product prices and quotes, project bids and discussions about suppliers and internal projects and operations.
The leaked information covered the firm’s operations around the world, from Iran to Germany, Australia, the US and many other countries.
The database also included personally identifiable information (PII) on employees and customers, including full names, email addresses, phone numbers, personal emails and more.
The research team warned that cyber-criminals could monetize both corporate info and PII in a range of scenarios.
“Once stolen, the data could be sold to competitors and used to undercut DKLOK. The same tactic can also be used to target their clients. Hackers can use the knowledge gained by reading these emails for use in further corporate fraud. In any cyber-crime, information is crucial. The more private information you can gather about a company, the better you can target them for fraud or malicious attacks,” argued vpnMentor.
“Finally, with access to the personal details and private emails of DKLOK employees, hackers can target individuals for attacks like phishing campaigns.”
However, it appears as if the South Korean firm is adopting a head-in-the-sand approach to the discovery, having refused to respond to vpnMentor.
The researchers said that access to DKLOK’s email database enabled it to see that its repeated attempts to contact the firm have been received. It also saw the firm actively bin an email from a journalist asking for more info on the leak.