ERP Provider Exposes 769 Million Records, Including API Keys And Email Addresses
A massive data breach involving ClickBalance, one of Mexico’s largest Enterprise Resource Planning (ERP) technology providers, has been uncovered by cybersecurity researcher Jeremiah Fowler.
The breach exposed a staggering 769,333,246 records, totaling 395 GB of data, in a non-password-protected database.
The exposed database contained potentially sensitive information, including:
Access tokens and API keys
Secret keys
Bank account numbers
Tax identification numbers
381,224 email addresses
ClickBalance offers cloud-based business services for automating administration, accounting, inventory, and payroll processes. The company’s ERP software is designed to centralize data and provide real-time information on various business operations.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
Fowler discovered the unprotected database and promptly reported it to Website Planet. Within hours of being notified, ClickBalance restricted public access to the database.
However, it remains unclear how long the data was exposed or if any unauthorized parties accessed it.
The exposure of such sensitive data poses several significant risks:
Unauthorized Access: The leaked API keys and secret keys could potentially grant cybercriminals access to critical systems and sensitive data.
Phishing Attacks: With over 381,000 exposed email addresses, there is an increased risk of targeted phishing attacks. According to Deloitte, 91% of all cyberattacks begin with a phishing email.
Network Vulnerabilities: Exposed IP addresses could serve as a starting point for cybercriminals to identify and exploit network vulnerabilities.
Recommendations
In light of this breach, affected individuals and organizations should take the following precautions:
Change passwords to new, complex ones
Enable two-factor authentication (2FA) on accounts
Be cautious of unsolicited emails or suspicious information requests
Implement incident response protocols
Notify affected stakeholders, customers, and partners
Enhance data security measures
Conduct regular security audits
This incident highlights the significant data protection challenges faced by technology companies managing large amounts of sensitive information.
ERP, CRM, and CDM systems are particularly vulnerable due to the vast array of data they store for multiple customers.
As these systems continue to play a crucial role in modern business operations, providers must prioritize data security to maintain trust and protect their clients’ sensitive information.
While the full extent of the breach’s impact remains unknown, this incident underscores the need for constant vigilance and proactive security measures in an increasingly digital business landscape.
Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo
The post ERP Provider Exposes 769 Million Records, Including API Keys And Email Addresses appeared first on Cyber Security News.