Exploit: Insider Risk
Adafruit: Open-Source Hardware
Risk to Business: 2.847 = Moderate
An employee’s publicly accessible GitHub repository is to blame for a data security breach at New York hardware developer Adafruit, resulting in exposure of information about some users on or before 2019. The company was quick to provide assurances that the data set did not contain any user passwords or financial information such as credit cards, but not so quick to send emails to impacted users, waiting until after publishing a notification on its blog that was picked up by media outlets.
Individual Risk: 2.802 = Moderate
Exposed data for users may include names, email addresses, shipping/billing addresses, order details, and order placement status via payment processor or PayPal.
How it Could Affect Your Customers’ Business Whether they’re malicious or not, insider actions can have a major effect on companies even if the insider no longer works there.
Source: Bleeping Computer