- Exposed data included the company’s client servers, invoices, SAP integrations, and plain-text passwords, among others.
- The exposure was discovered on June 2, 2019, by vpnMentor’s security researchers. After being alerted, Tech Data took measures to secure the data.
Tech Data, a Fortune 500 company that specializes in IT products and services, has apparently left sensitive customer data out in the open. The exposed data was uncovered by security researchers from vpnMentor, led by experts Noam Rotem and Ran Locar. According to the researchers, a log management server leaked system-wide data that could have been exploited by attackers.
What data was involved?
- vpnMentor’s researchers found that a Graylog server belonging to Tech Data exposed email and personal user data, reseller contact and invoice information, payment data, internal security logs, and unencrypted passwords, among others.
- Private API keys and personally identifiable information (PII), such as full names, job titles, email addresses, postal addresses, and telephone and fax numbers, were found in the database.
- Additionally, machine and process information from clients’ internal systems was exposed.
Issue of high severity
The researchers, who discovered the exposed data on June 2, said that it could have significantly impacted Tech Data’s operations.
“As Tech Data is such a significant player in the industry, the exposed database left it vulnerable to competitors looking to gain an unfair advantage and for hackers to take control of the systems, exploiting it with ransomware and the like,” the researchers wrote.
After the researchers contacted Tech Data about the unsecured data, the company fixed the issue within two days.