Disclosure:
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers, and are based on the reviewers' independent and professional examination of the products/services.

• Ownership

vpnMentor is owned by Kape Technologies PLC, which owns the following products: CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

• Affiliate Commissions

While vpnMentor may receive commissions when a purchase is made using our links, this has no influence on the reviews content or on the reviewed products/services. We provide direct links to purchase products that are part of affiliate programs.

• Reviews Guidelines

The reviews published on vpnMentor are written by experts that examine the products according to our strict reviewing standards. Such standards ensure that each review is based on the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users, which may also affect the product's ranking on the website.

Report: Data Breach at Fortune 500 Tech Company

The research team at vpnMentor discovered a major data leak at the Tech Data Corporation (NASDAQ: TECD), a Fortune 500 company providing tech products, services, and solutions globally.

vpnMentor’s researchers, led by security researchers Noam Rotem and Ran Locar, identified the consequential data breach that exposes access to 264GB of Tech Data’s client servers, invoices, SAP integrations, plain-text passwords, and much more.

Tech Data recently announced their quarterly earnings reports, which exceeded expectations and reflected a year over year increase (source: Nasdaq). More than 1 in 4 Fortune 500 companies have been hacked in the last decade, so Tech Data is part of an elite, but particularly vulnerable, club.

Timeline of Discovery and Reaction

Data Leak Discovered  June 2, 2019
Reached Out to Tech Data June 2, 2019
Attempted to Contact Tech Data Again June 4, 2019
Tech Data Team Responded June 4, 2019
 Data Leak Fixed June 4, 2019

Editor’s Note: It’s worth noting that Tech Data’s team was very professional in handling news of the leak and asked the real questions to solve the problem.  We commend their expertise and dedication.

Information Included in the Data Leak

Tech Data – the 45 year old veteran infrastructure solutions company working with vendors such as Apple, Cisco, Samsung, NortonLifeLock, et al – had a full database leak that seemed to affect much of the corporate and personal data of clients and employees.

We saw that there was a log management server (Graylog) that was leaking system-wide data. This contained email and personal user data, as well as reseller contact and invoice information, payment and credit card data, internal security logs, unencrypted logins and passwords, and more.

This was a serious leak as far as we could see, so much so that all of the credentials needed to log in to customer accounts were available.

Due to ethical reasons – and because of the size of the database –  we could not go through all of it and there may have been more sensitive information available to the public than what we have disclosed here.

Some of the available data included:

  • Private API keys
  • Bank information
  • Payment details
  • Usernames and unencrypted passwords
  • Full PII (personally identifying information) are visible, including:
    • Full names
    • Job titles
    • Email addresses
    • Postal addresses
    • Telephone numbers
    • Fax numbers

Also included was machine and process information of clients’ internal systems, in which errors were available and that could easily help less-friendly hackers find out more about the system and its mechanics.

The Danger of Exposing this Information

With a simple search of the exposed database, our researchers were able to find the payment information, PII, and full company and account details for end-users and managed service providers (MSPs) – including for a criminal defense attorney, a utilities service provider, and more. There were enough details in this leak wherein a nefarious party could easily access users’ accounts – and possibly gain access to the associated permissions for said accounts.

As Tech Data is such a significant player in the industry, the exposed database left it vulnerable to competitors looking to gain an unfair advantage and for hackers to take control of the systems, exploiting it with ransomware and the like.

One of the private API keys discovered from the database

How We Found the Data Breach

vpnMentor’s research team is currently undertaking a huge web mapping project. Using port scanning to examine known IP blocks reveals gaps in web systems, which are then examined for vulnerabilities, including potential data exposure and breaches.

Tapping into years of experience and know-how, the research team examines the database to confirm its identity.

After identification, we reach out to the database’s owner to report the leak. Whenever possible, we also alert those directly affected. This is our version of putting good karma out on the web – to build a safer and more protected internet.

Advice from the Experts

Could this data leak have been prevented? Absolutely! Companies can avoid such a situation by taking essential security measures immediately, including:

  1. First and foremost, secure your servers.
  2. Implement proper access rules.
  3. Never leave a system that doesn’t require authentication open to the internet.

For more in-depth information on how to protect your business, check out how to secure your website and online database from hackers.

Check Out More Data Leaks We’ve Discovered

vpnMentor is the world’s largest VPN review website. Our research lab is a pro bono service that strives to help the online community defend itself against cyber threats while educating organizations on protecting their users’ data.

Additional cybersecurity risks discovered by our team include explicit messages leaked by a dating app, which left vulnerable over 200,000 users – including government employees – to potential blackmail and extortion, as well as the exposure of detailed security logs from a prominent hotel management group.

Please share this report on Facebook or tweet it.

About the Author

Anonymous experts who write for vpnMentor but keep their identity secret.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
Voted by Users
Thank you for your feedback
Comment Comment must be from 5 to 2500 characters long.