Exploit: Misconfiguration
Cronin: Digital Marketing Firm
Risk to Business: 1.917= Severe
Researchers discovered a non-password-protected database that contained 92 million records belonging to the digital marketing firm Cronin last week. The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. Exposed client records include internal logging of client advertisement campaigns, keywords, Google analytics data, session IDs, Client IDs, device data, and other identifying information. Sales data was also exposed in a “Master Mailing List” with direct physical names, addresses, Salesforce IDs, phone numbers, and references to where the leads came from for customers and prospects. Internal Cronin employee usernames, emails, and hashed passwords, and some unspecified PII and financial data were also exposed.
Individual Impact: Reports of this breach include mention of exposed employee financial data and PIIbut no details were available as of press time.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Information security is challenging enough without the complications of sloppy and dangerous mistakes like this.
Source: Website Planet