Dun and Bradstreet - 33 Million Records Leaked From This US Corporate Database

 

The American company Dun & Bradstreet Inc. provides commercial data to businesses for marketing, lead scoring, credit history checks, social identity matching, supply chain management, and many other purposes. According to a blog post by Troy Hunt, around 33 Million NetProspex accounts have been leaked from Dun & Bradstreet. Troy Hunt is the owner of the well-known data breach notification website www.haveibeenpwned.com, where internet users can check their email accounts at any time. NetProspex was a separate company, but it was acquired by Dun & Bradstreet in 2015 for $125 Million. The leaked records belong to NetProspex servers, and D&B controls these servers. The leaked data is about 52 GB in size. It contains 33.7 Million corporate accounts of US citizens.

 

The Leaked Information

The company sells data on US citizens to businesses for a variety of purposes. It stores complete personal and corporate information on the US population. The company provides data in bulk, and according to Dun & Bradstreet's 2015 brochure, some companies had paid $2,00,000 to use half a million (5 lac) records. The leaked data contains the following information about the US corporate population:

 

  • Netprospex Contact ID
  • First Name
  • Last Name
  • Job Title
  • Email Address
  • Contact Phone 1
  • Contact Phone 2
  • Primary Job Function
  • All Job Functions
  • Job Level
  • Company Name
  • D-U-N-S
  • Company Phone
  • Location Type
  • Street Address
  • City
  • State
  • Postal Code
  • Country
  • Web Address
  • Revenue
  • Revenue Range
  • Employees
  • Employee Range
  • Primary Industry
  • All Industries
  • Primary SIC Code
  • Primary SIC Description
  • Company Name (us ultimate parent)
  • D-U-N-S (us ultimate parent)
  • Street Address (us ultimate parent)
  • City (us ultimate parent)
  • State (us ultimate parent)
  • Postal Code (us ultimate parent)
  • Country (us ultimate parent)
  • Revenue (us ultimate parent)
  • Revenue Range (us ultimate parent)
  • Employee (us ultimate parent)
  • Employee Range (us ultimate parent)

 

Most Affected Regions and Companies

According to Troy Hunt's report, the leaked data contains 4 Million records from California, 2.7 Million records from New York and 2.6 Million records from Texas. Moreover, 100,000 records of defense personnel, 88,000 records of the US Postal Service and a combined 76,000 records of the US Army and Air Force are also present in the leaked data. Among companies, FedEx, IBM, AT&T, Dell, and Xerox are at the top, with tens of thousands of leaked records.

 

The Reason Behind Data Leak

The exact reason behind this massive data leak is still unknown. Security experts are investigating the incident. Dun & Bradstreet has stated that its own servers and databases are secure, and that the incident involved the databases of NetProspex, which it acquired in 2015. The company also said that, during the investigation, it found that the leaked data was six months old. D&B has sold this data to a number of companies.

 

Disadvantages of This Massive Data Leak

  • The leaked information contains almost complete personal information of US corporate officials. It will be very easy for crooks to target the victims with phishing emails.
  • The hackers could steal the identity of victims to perform illegal activities over the internet.
  • The hackers could use the leaked information to bypass security questions and reset passwords of online accounts that belong to the victims.
  • The cyber criminals could also perform illegal and unauthorized actions in the victim companies and offices by using the leaked personal information of their employees.

 
