vpnMentor’s research team, led by security researchers Noam Rotem and Ran Locar, identified a consequential data breach that exposes access to 264GB of Tech Data’s client servers, invoices, SAP integrations, plain-text passwords, and much more. Tech Data recently announced its quarterly earnings report, which exceeded expectations and reflected a year-over-year increase (source: Nasdaq). More than 1 in 4 Fortune 500 companies have been hacked in the last decade, so Tech Data is part of an elite, but particularly vulnerable, club.
Timeline of Discovery and Reaction
Editor’s Note: It’s worth noting that Tech Data’s team was very professional in handling news of the leak and asked the real questions to solve the problem. We commend their expertise and dedication.
Information Included in the Data Leak
Tech Data - the 45-year-old veteran infrastructure solutions company working with vendors such as Apple, Cisco, Samsung, NortonLifeLock, et al. - had a full database leak that seemed to affect much of the corporate and personal data of clients and employees. We saw that a log management server (Graylog) was leaking system-wide data. This contained email and personal user data, as well as reseller contact and invoice information, payment and credit card data, internal security logs, unencrypted logins and passwords, and more. This was a serious leak as far as we could see, so much so that all of the credentials needed to log in to customer accounts were available. For ethical reasons - and because of the size of the database - we could not go through all of it, and there may have been more sensitive information available to the public than what we have disclosed here. Some of the available data included:
- Private API keys
- Bank information
- Payment details
- Usernames and unencrypted passwords
- Full PII (personally identifying information), including:
  - Full names
  - Job titles
  - Email addresses
  - Postal addresses
  - Telephone numbers
  - Fax numbers
Also included was machine and process information from clients’ internal systems, including error output that could easily help less-friendly hackers find out more about the systems and their mechanics.
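The leaked logs held plain-text passwords, API keys and card data; one mitigation is to mask such values before a line is shipped to the log server. The following is an added example, not code from vpnMentor or Tech Data; the field names, patterns and sample lines are assumptions constructed for illustration.

```python
import re

# Keys whose values must never reach a log server (assumed field names).
SECRET_KEYS = r"(?:password|passwd|pwd|api[_-]?key|secret|token)"
# key=value, key: value and JSON "key":"value" forms.
KV_RE = re.compile(rf'(?i)\b({SECRET_KEYS})(["\']?\s*[=:]\s*["\']?)([^\s"\'&,;]+)')
# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used so order ids and timestamps are not masked."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _mask_pan(m: re.Match) -> str:
    digits = re.sub(r"\D", "", m.group(0))
    if luhn_ok(digits):
        return "[REDACTED-PAN-" + digits[-4:] + "]"
    return m.group(0)  # not a valid card number, leave untouched


def scrub(line: str) -> str:
    """Return the log line with secret values and card numbers masked."""
    line = KV_RE.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", line)
    return PAN_RE.sub(_mask_pan, line)


# Constructed sample lines, not taken from the exposed data.
SAMPLE = [
    "login ok user=jdoe password=Summer2019! src=10.0.0.5",
    '{"event":"sync","api_key":"abc123DEF456","status":200}',
    "payment card=4111 1111 1111 1111 amount=49.90 order=1234567890123",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(scrub(raw))
```

A value that contains whitespace or a delimiter is only masked up to that character, so a filter like this is a safety net; the primary fix is for applications not to log credentials at all.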
The Danger of Exposing this Information
With a simple search of the exposed database, our researchers were able to find the payment information, PII, and full company and account details for end-users and managed service providers (MSPs) - including for a criminal defense attorney, a utilities service provider, and more. There were enough details in this leak for a nefarious party to easily access users’ accounts - and possibly gain access to the associated permissions for said accounts.
As Tech Data is such a significant player in the industry, the exposed database left it vulnerable to competitors looking to gain an unfair advantage and to hackers looking to take control of the systems and exploit them with ransomware and the like.
[Image: One of the private API keys discovered from the database]
How We Found the Data Breach
vpnMentor’s research team is currently undertaking a huge web mapping project. Using port scanning to examine known IP blocks reveals gaps in web systems, which are then examined for vulnerabilities, including potential data exposure and breaches. Tapping into years of experience and know-how, the research team examines the database to confirm its identity. After identification, we reach out to the database’s owner to report the leak. Whenever possible, we also alert those directly affected. This is our version of putting good karma out on the web – to build a safer and more protected internet.
Advice from the Experts
Could this data leak have been prevented? Absolutely! Companies can avoid such a situation by taking essential security measures immediately, including: For more in-depth information on how to protect your business, check out how to secure your website and online database from hackers.
Check Out More Data Leaks We’ve Discovered
vpnMentor is the world’s largest VPN review website. Our research lab is a pro bono service that strives to help the online community defend itself against cyber threats while educating organizations on protecting their users’ data. Additional cybersecurity risks discovered by our team include explicit messages leaked by a dating app, which left over 200,000 users - including government employees - vulnerable to potential blackmail and extortion, as well as the exposure of detailed security logs from a prominent hotel management group.