[BreachExchange] DK-Lok data breach exposes global enterprise client data, internal emails

Destry Winant destry at riskbasedsecurity.com
Thu Sep 5 10:22:27 EDT 2019


https://www.zdnet.com/article/dklok-data-breach-leaked-global-enterprise-client-internal-emails/

Perhaps, one day, the continual stream of data leaks and cybersecurity
breaches stemming from open databases will make organizations sit up,
take notice, check their IT infrastructure, and resolve any security
problems they find.

Today, it seems, is not that day for DK-Lok, the latest entry in a long
list of companies which have left their private emails and
communications available for the world to see.

On Thursday, cybersecurity firm vpnMentor publicly revealed the
existence of an open database belonging to the South Korean industrial
manufacturer.

The database was discovered during vpnMentor's web mapping project, in
which Internet-wide port scanning is used to find reachable systems
that have no form of authentication or access restriction in place.
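
The check behind that discovery method, as an added example that is not
part of the article and is not vpnMentor's tooling: a TCP connect to a
host:port (the port-scan step), followed by a plain HTTP request to see
whether the service hands back content without any authentication
challenge. The two local demo servers, the target names and the sample
JSON body are constructed here so the script runs offline; against real
hosts you would only point it at systems you are authorised to test.

```python
"""Probe host:port targets for HTTP services that answer without authentication.

Added illustration, not the researchers' code. The demo servers and their
JSON payload are constructed so the example runs entirely on 127.0.0.1.
"""
import http.server
import json
import socket
import threading
import urllib.error
import urllib.request

# Bypass any HTTP_PROXY settings so the probe really reaches the target.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connect to host:port succeeds (the port-scan step)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify_http(host, port, path="/", timeout=3.0):
    """Return 'closed', 'open', 'auth_required' or 'other' for host:port.

    'open' means a 2xx answer with no authentication challenge, which is the
    condition that leaves a data store world-readable.
    """
    if not tcp_open(host, port, timeout):
        return "closed"
    req = urllib.request.Request(f"http://{host}:{port}{path}",
                                 headers={"User-Agent": "exposure-check/0.1"})
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as e:
        status = e.code            # 401/403 etc. arrive as exceptions
    except (urllib.error.URLError, OSError):
        return "other"            # listening, but not HTTP or not answering
    if 200 <= status < 300:
        return "open"
    if status in (401, 403):
        return "auth_required"
    return "other"


class _DemoHandler(http.server.BaseHTTPRequestHandler):
    """Constructed demo service: serves a fake record, optionally behind Basic auth."""
    require_auth = False

    def do_GET(self):
        if self.require_auth and "Authorization" not in self.headers:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="demo"')
            self.end_headers()
            return
        body = json.dumps({"subject": "RE: quote", "from": "staff@example.com"}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_demo_server(require_auth):
    """Start a local demo server on an ephemeral port; return (port, server)."""
    handler = type("Handler", (_DemoHandler,), {"require_auth": require_auth})
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1], srv


def free_port():
    """Return a loopback port with nothing listening on it (for the 'closed' case)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def run_demo():
    """Scan three constructed targets and return {name: verdict}."""
    open_port, s1 = start_demo_server(require_auth=False)
    auth_port, s2 = start_demo_server(require_auth=True)
    try:
        return {
            "unprotected-store": classify_http("127.0.0.1", open_port),
            "protected-store": classify_http("127.0.0.1", auth_port),
            "nothing-listening": classify_http("127.0.0.1", free_port()),
        }
    finally:
        s1.shutdown()
        s2.shutdown()


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The 'open' verdict is only a first filter: a 2xx with no challenge proves
the service is reachable and unauthenticated, but whether the content is
sensitive still has to be judged from what it returns, which is where the
ethics constraint the article mentions comes in.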

DK-Lok is an industrial supplier of goods including fittings, pipes,
valves, and semiconductor regulators. The company supports a global
customer base and has established sales offices & distributors across
the US, Europe, and beyond.

An email platform found by the researchers, led by Noam Rotem and Ran
Locar, revealed DK-Lok's internal and external communications records.
It is possible to read emails sent between staff, their clients, as
well as a selection of private emails routed through the platform.
Personal messages received on work addresses include online e-commerce
order notes, newsletters, and emails sent by hotel operators.

ZDNet verified the existence of the database, which remains open at
the time of writing.

Many of the emails were marked "private" and "confidential." The
organization is exposing emails relating to its operations, products,
and clients -- including product bids, quotes, travel details, and
private conversations, all of which could have inherent value to
competitors.

Alongside emails, full client and staff names, telephone numbers, and
user IDs have also become exposed.

It is not just the manufacturer that is embroiled in the data leak.
Client communications and information are also involved, spanning from
the US and South Korea to New Zealand, South Africa, and Australia,
among other countries. One entry, shown in the original article with
redacted information, appears to relate to an email sent by the
Australian government.

For ethical reasons, it is not known exactly how many external
companies have been involved in the breach, as finding out would
require a deep dive into the exposed data.

However, vpnMentor told ZDNet that at least 1,500 ".co.uk" email
addresses were leaked, which may indicate how many British companies
-- at least, those not using ".com" email addresses -- have been
unwittingly involved. As this figure relates to the UK alone, the
number of those impacted worldwide could be many thousands.

"This data breach has many negative implications for DK-Lok," the
researchers say. "The most obvious is the reputational damage caused
to the company. Aside from the internal emails found in the leak,
DK-Lok clients would also be concerned to learn their emails were also
exposed and visible."

vpnMentor and ZDNet first reached out to DK-Lok on 21 August following
the discovery of the open database. Over the course of several weeks,
numerous attempts were made by phone and email asking DK-Lok to
respond and remove access to the open system.

Emails sent to the company to inform them of the leak, ironically, are
also viewable -- as well as indicators that at least one email sent by
ZDNet was read and then sent to the trash bin. In a final bid over the
phone, once the situation was explained, the company cut off the call.

DK-Lok has yet to acknowledge the security issue or the researchers' findings.

Back in May, vpnMentor researchers stumbled across an unsecured
database belonging to Pyramid Hotel Group. That open database exposed
85GB of security logs impacting 96 locations.


More information about the BreachExchange mailing list