Security researchers have discovered a database belonging to Data management firm Veeam left unsecured and publicly exposed. The database contains over 200 GB of data.
Veeam is a Swiss-based company which provide intelligent data management software for virtual, physical and multi-cloud infrastructures.
The researcher discovered the database on September 5th and according to Shodan unsecured Amazon server was indexed on August 31st. The server was left open until September 9th.
The database contains approximately 445 million records which include customers first and last name, email address, country and some attribute values such as IP address, referrer URL address, user agent etc.
The records in the database were timestamped between 2013 to 2017.
Bob Diachenko said the server was secured after several attempts from him and Zack Whittaker of TechCrunch to notify the company.
In the first analysis, it was identified as a database originated from a Marketo server and on further analysis, it was discovered the data was part of Veeam marketing server infrastructure.
“Even taking into account the non-sensitivity of data, the public availability of such large, structured and targeted dataset online could become a real treasure chest for spammers and phishers. It is also a big luck that database was not hit by a new wave of ransomware attacks which have been specifically targeting MongoDBs.” said in the post published by security researcher Bob Diachenko
The company responded to the incident in a statement that “It has been brought to our attention that one of our marketing databases, leaving a number of non-sensitive records (i.e. prospect email addresses), was possibly visible to third parties for a short period of time. We have now ensured that ALL Veeam databases are secure. Veeam takes data privacy and security very seriously, and a full investigation is currently underway,”.
You may be interested in reading:Mac Adware Doctor App Discovered Stealing Sensitive Information of Users