Exploit: Unauthorized database access
Covve: Address book app
Risk to Small Business: 2.208 = Severe
A cybersecurity researcher identified an unsecured database containing millions of customers’ personal data. The database was first discovered in February, but the breach wasn’t linked to Covve until May 15th. It took the company several days to identify the scope of the incident before notifying customers. Although the company notes that the breach contains “mostly scrapable data from public sources,” it will undoubtedly have meaningful customer satisfaction and public relations blowback for the company.
Individual Risk: 2.702 = Moderate
The exposed database includes some users’ names, job titles, email addresses, phone numbers, and physical addresses. Covve notes that account details, including login credentials, remain secure, but this information can be repurposed for numerous identity and financial crimes. Those impacted by the breach should enroll in an identity monitoring service to ensure the long-term integrity of their information, and they need to carefully vet their incoming messages to identify potential spear phishing messages.
Customers Impacted: 23,000,000
How it Could Affect Your Customers’ Business: Today’s companies are constantly under siege from bad actors, making an accidental, avoidable data breach especially problematic. Given the numerous ways that company or customer data can make its way into the wrong hands, every company needs advanced notification when their information could be compromised.
Source:
https://portswigger.net/daily-swig/covve-revealed-as-source-of-data-breach-impacting-23m-individuals