Following the data breach, as Bleeping Computer reports, it was determined that the exposed folder was discovered during a “daily monitoring routine” and included “the data of employees and clients among other tables that identify access as administrator.” The hacker group involved is called KelvinSecurity.
Looking into the situation for Digital Journal is Jumio CEO, Robert Prigge.
The analyst puts the data loss in context: “Frost & Sullivan’s breach of over 12,000 customer and company records adds even more personal information to the dark web, including email addresses, login names and employee hashed passwords.”
As for the implications, Prigge says: “As some hashed passwords can be easily deciphered, cybercriminals can use this information to log in to Frost & Sullivan’s database as the employee, gaining access to client personal information and other employee details.”
This type of situation poses risks to the reputation of companies, as Prigge notes: “As enterprises across all industries have trusted Frost & Sullivan for over 60 years, the company has a responsibility to keep customer and employee data safe, as do all companies with a digital presence.”
In terms of the actual risk from the data loss, Prigge finds: “Because usernames and passwords were compromised, attackers can leverage bots and credential stuffing to try these stolen login credentials across thousands (or hundreds of thousands) of websites in search of an opening. Because of this omnipresent and growing threat, there’s no way for any online organization to confirm the authorized user is the one logging in. Biometric authentication (using a person’s unique human traits to verify identity) is a more secure alternative to passwords, giving only the account owner access.”