Deeba Ahmed
2024-08-26 12:20:18
hackread.com
A major database misconfiguration exposed millions of sensitive records belonging to ServiceBridge customers. Learn about the risks and consequences of this data exposure and how businesses can protect themselves from similar incidents.
Cybersecurity researcher Jeremiah Fowler has uncovered a major cloud server misconfiguration affecting ServiceBridge, a popular field service management platform based out of Chicago, IL, United States.
Fowler’s investigation revealed a database containing over 31 million records or 2.68 TB of data exposed online, revealing sensitive information belonging to ServiceBridge’s customers.
What’s worse, the database was available for public access without any password or security authentication. The exposed data included sensitive information such as names, addresses, email addresses, phone numbers, and even partial credit card data. Additionally, HIPAA patient consent forms and medical equipment agreements were found, revealing personal health information.
The documents dated back to 2012 and belonged to a diverse range of businesses, including private homeowners, schools, religious institutions, chain restaurants, LA casinos, medical providers, and more. The files, around 31,524,107 in number, were in PDF and .htm formats and included contracts, work orders, invoices, proposals, inspections, and completion agreements.
“In the limited sampling of documents I analyzed, the majority appeared to be US-based, but I also saw businesses and customers from Canada, the UK, and numerous European countries,” Fowler noted in his report shared with Hackread.com ahead of publication on Monday.
After the company was notified, the database was restricted from public access. However, it is unclear how long it remained exposed or if anyone else gained access. It is also unclear whether it was managed by ServiceBridge or a third party. It is worth noting that some files were marked with a GPS Insight logo, but no fleet management documents were found.
The exposure raises security and privacy concerns. Potential risks include invoice fraud, which affects both business-to-customer (B2C) and business-to-business (B2B) transactions and can lead to significant losses for businesses.
As per a 2022 report, an average US business lost $300,000 annually due to invoice schemes and payment fraud, while 52% of large companies experienced such scams in 2023. Exposed personal information could be used for identity theft, leading to financial loss and reputational damage.
Fowler found “site audit reports” offering images of internal and external premises of the businesses/properties. Additionally, the database exposed documents that could potentially compromise physical security, such as gate codes and access information for properties and businesses.
The incident highlights the importance of robust data security measures, including encryption, access controls, and regular security audits. ServiceBridge, as a provider of sensitive business information, has a responsibility to ensure the protection of its customers’ data.