SECURITY
Sales and marketing company Inside Sales Solutions has suffered a data breach that left a database of 1.5 million customer records exposed online.
Discovered and publicized today by Secure Thoughts in conjunction with security expert Jeremiah Fowler, the exposed database, entitled “shared,” was not password-protected. It included invoicing and payment records, references to reports and other potentially sensitive data.
Worse still, the database included records that contained an admin dashboard or portal login and passwords in plain text. Many of the passwords are described as “extremely weak.”
According to its website, Inside Sales Solutions offers “low-risk sales development services delivered by tech-sales experts.” It looks like a typical business-to-business sales operation, but what makes it interesting is its claimed blue-chip client list: Dell Technologies Inc., Exabeam Inc., Forescout Technologies Inc., Fortinet Inc., Hewlett Packard Enterprise Co., RSA Security LLC, Sophos plc, Check Point Software Technologies Ltd., Cisco Systems Inc., Gigamon Inc., Juniper Networks Inc., Palo Alto Networks Inc. and IBM Corp.
“Leaving a database exposed without any authentication controls in place is a common security malpractice that could result in severe repercussions for both the organization at fault and its customers,” Anurag Kahol, chief technology officer at cloud access security broker Bitglass Inc., told SiliconANGLE. “In this case, customer and partner emails, names and passwords were among the exposed information. This puts those affected at greater risk of falling victim to highly targeted phishing attacks, as well as having other online accounts with sensitive data compromised in credential stuffing attacks.”
Robert Prigge, chief executive officer of end-to-end identification solutions company Jumio Corp., noted that criminals can leverage bots and so-called credential-stuffing to try these login credentials across countless websites.
“While exposing personal data due to a lack of password protection is a serious security lapse, passwords in general can no longer be trusted to keep data safe in today’s fraud environment since anyone with the account password can log in and pose as the user,” Prigge said. “Biometric authentication — using a person’s unique human traits to verify identity — is a more secure solution, ensuring data can only be accessed by authorized users and keeping data secure and out of fraudsters’ hands.”