
"Fowler also found exposed backup files, including operational metadata and system logs. Business logic was also found, including codes, optimization processes, product tiers, rate structures and more. With the exposed data, a malicious actor could - hypothetically - perform numerous actions. By leveraging names, emails or user IDs, the actor could enact credential stuffing, phishing or other social engineering attacks, possibly compromising sensitive internal systems or information ."
"The database was discovered by Cybersecurity Researcher Jeremiah Fowler, who sent a responsible disclosure notice but has not yet received any correspondence from the organization. However, the database has since been restricted and is no longer accessible. While the data appears to belong to the credit union, it is unknown if the itself belongs to the institution or if it is owned and managed by a third-party."
A publicly exposed database that appears to be associated with Navy Federal Credit Union contained 378.7 GB of information. The database was discovered by Jeremiah Fowler, who submitted a responsible disclosure notice and has not received any correspondence in reply; access to the database has since been restricted. Ownership and management of the database remain unclear, and both the duration of the exposure and whether any malicious access occurred are unknown. Exposed items included backup files, operational metadata, system logs, and business logic such as codes, optimization processes, product tiers, and rate structures. Exposed personal identifiers such as names, emails, and user IDs could enable credential stuffing, phishing, social engineering, or supply-chain attacks.
Read at Securitymagazine