UPDATED 22:16 EDT / MARCH 11 2021

SECURITY

Sales and marketing firm Inside Sales Solutions exposes 1.5M customer records

Sales and marketing company Insider Sales Solutions has suffered a data breach that left a database of 1.5 million customer records exposed online.

Discovered and publicized today Secure Thoughts in conjunction with security expert Jeremiah Fowler, the exposed database, entitled “shared,” was not password-protected. It included invoicing and payment records, references to reports and other potentially sensitive data.

Worse still, the database included records that contained an admin dashboard or portal login and passwords in plain text. Many of the passwords are described as “extremely weak.”

According to its website, Inside Sales Solutions offers “low-risk sales development services delivered by tech-sales experts.” It looks like a typical business-to-business sales operation, but where it becomes interesting is their claimed blue-chip client list: Dell Technologies Inc., Exabeam Inc., Forescout Technologies Inc., Fortinet Inc., Hewlett Packard Enterprise Co., RSA Security LLC, Sophos plc, Check Point Software Technologies Ltd., Cisco Systems Inc., Gigamon Inc., Juniper Networks Inc., Palo Alto Networks Inc. and IBM Corp.

“Leaving a database exposed without any authentication controls in place is a common security malpractice that could result in severe repercussions for both the organization at fault and its customers,” Anurag Kahol, chief technology officer at cloud access security broker Bitglass Inc., told SiliconANLGE. “In this case, customer and partner emails, names and passwords were among the exposed information. This puts those affected at greater risk of falling victim to highly targeted phishing attacks, as well as having other online accounts with sensitive data compromised in credential stuffing attacks.

Robert Prigge, chief executive officer of end-to-end identification solutions company Jumio Corp., noted that criminals can leverage bots and so-called credential-stuffing to try these login credentials across countless websites.

“While exposing personal data due to a lack of password protection is a serious security lapse, passwords in general can no longer be trusted to keep data safe in today’s fraud environment since anyone with the account password can log in and pose as the user,” Prigge said. “Biometric authentication — using a person’s unique human traits to verify identity — is a more secure solution, ensuring data can only be accessed by authorized users and keeping data secure and out of fraudsters’ hands.”

Image: Inside Sales Solutions

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU