10,000 Employee Credentials Leaked in Major Data Breach
In a concerning data leak, personal details of employees from around 900 companies, including well-known giants like Dell, Capital One, and Verizon, have been exposed online. The culprit? A third-party app called Simpli, previously known as Charm City Concierge.
The breach was uncovered by Cybernews researchers, who stumbled upon an open web directory containing backups of Simpli’s app database and website, dating back to January 2024. The directory, left publicly accessible, revealed as many as 10,000 employee credentials. Many of these credentials were tied to corporate email addresses, raising the risk of targeted cyberattacks against these companies.
The Danger of Supply Chain Attacks
The exposed information didn’t just include email addresses and hashed passwords; it also unveiled operational details like meeting purposes and attendee lists. Such leaks can make organizations susceptible to data theft and other malicious activities.
This incident underscores the growing threat of supply chain attacks. Even as companies bolster their cybersecurity measures, vulnerabilities in third-party services remain a critical weak point. Hackers often exploit these weaker links within a supply chain to infiltrate otherwise secure systems. Recent studies highlight the gravity of the issue, indicating that third-party attack vectors have been involved in nearly 30% of data breaches over the past few years. Alarmingly, 98% of organizations have a third-party affiliation with a history of data breaches, making this a pressing security issue.
As companies increasingly rely on external services, the need for stringent cybersecurity measures across all touchpoints in their networks becomes ever more crucial. This breach serves as a stark reminder of the importance of securing every link in the chain.
Are you in need of reliable IT solutions for your business? Get in touch with us to book a consultation.
Source: BleepingComputer