U.S. business consulting firm Frost & Sullivan was breached after data from an unsecured backup folder exposed on the Internet was sold on a hacker forum.
Frost & Sullivan is a business consulting firm that assists companies in growth strategy, market research, on corporate training. With 40 locations throughout the world and over 1,800 employees, Frost & Sullivan is a well-known consulting firm.
On Monday, a group known as 'KelvinSecurity Team' posted to a hacker forum stating that they were selling various databases related to Frost & Sullivan's employees and customers.
KelvinSecurity states that they are 'Business Intelligence Contractors', but a report by InfoArmor describes them as a group known for less legal activities.
In the forum post, the group states that the data being sold includes 6,000 customer records and 6,146 records for companies.
In a conversation with Beenu Arora, CEO of cybersecurity intelligence firm Cyble, BleepingComputer was told that the data breach was caused by an unsecured backup folder that contained databases and company documents.
"The breach occurred to a misconfigured backup directory on one of Frost and Sullivan public-facing servers. The backup directory had its employees and customers records, along with other confidential information," Arora told BleepingComputer.com.
The customer database contained information such as the client name, email address, the company contact, whether they are confidential, and other non-sensitive data.
On the other hand, the exposed employee database had more sensitive information such as first and last names, login names, email addresses, and hashed passwords.
In a conversation with KelvinSecurity Team, BleepingComputer was told that the exposed folder was discovered during a "daily monitoring routine" and included "the data of employees and clients among other tables that identify access as administrator."
When asked why they were selling the data, they stated that they had tried to contact the company but received no response. To generate 'alarm,' they decided to sell the data to get Frost & Sullivan to respond.
"It was not a purpose to take a database and sell it. We have tried to get in contact, but like many companies, they do not answer our requests, and we sell the database to generate an alarm and quote with these companies," KelvinSecurity Team told BleepingComputer.
KelvinSecurity claims that they have not sold the data and are hoping the Frost & Sullivan contact them "to solve and eliminate the sale attempt."
Cyble Inc has told BleepingComputer that at this point, it does not matter as the backup folder has been secured and is no longer exposed online.
BleepingComputer has contacted Frost & Sullivan with questions about this data breach but has not received a reply.