Updated on: July 25, 2024
In a significant cybersecurity incident, researcher Jeremiah Fowler uncovered a non-password-protected database containing 769 million records belonging to ClickBalance, a major ERP (Enterprise Resource Planning) technology provider in Mexico.
The exposed data included access tokens, API keys, secret keys, bank account numbers, tax identification numbers, and 381,224 email addresses. The database, totaling 395 GB, was publicly accessible until Fowler’s responsible disclosure prompted its restriction within hours.
“This type of exposed information can facilitate unauthorized access to critical systems and sensitive data, posing serious risks to the security of IT infrastructure and affected users,” Fowler said in his statement.
ClickBalance offers cloud-based ERP software, enabling organizations to manage and automate various business processes, including finance, human resources, and inventory.
The breach’s discovery raises concerns about data protection practices, given the sensitive nature of the information exposed. Although it is unclear how long the database was accessible or if unauthorized parties accessed it, an internal forensic audit is necessary to identify potential breaches.
The exposure of API and secret keys in plain text is particularly alarming. These credentials can grant unauthorized access to critical systems, leading to data theft, account takeovers, and service disruptions. Protecting such keys with robust access controls and secure storage practices is essential to mitigate these risks.
Email addresses, numbering over 381,000, pose significant phishing threats. According to Deloitte, 91% of cyberattacks start with a phishing email. Cybercriminals could exploit this breach to launch targeted phishing attacks, leveraging insider information to deceive recipients into revealing personal or financial data.
Organizations affected by data incidents should take protective measures, including updating passwords and enabling two-factor authentication (2FA). Customers and end users must also remain vigilant against unsolicited emails and suspicious information requests.
The breach highlights the importance of stringent cybersecurity measures for companies handling extensive customer data. Regular security audits and adherence to up-to-date cybersecurity best practices are crucial to prevent such incidents and protect sensitive information from cyber threats.
“Once data has been exposed online, companies should immediately implement incident response protocols and notify affected stakeholders, customers, and partners.”