Cloud Security, Data Security, Privacy

Misconfiguration exposes Empire Distribution data

Credit: Adobe Stock Images

U.S. independent record label Empire Distribution, which has worked with Kendrick Lamar, Snoop Dogg, and 50 Cent, had its sensitive data exposed as a result of an environment file misconfiguration, Cybernews reports.

Included in the leaked information were Empire's JSON Web Token secret, SES key and secret, and Mailgun API and domain, as well as several database and Memcached server credentials, according to Cybernews researchers.

Attackers could leverage the database credentials to facilitate further access to sensitive information, including customer data, intellectual property, and financial details, while Memcached credentials could be used to enable lateral movement to other systems and other malicious activity. Other Empire systems could also be compromised using tokens generated by the JSON Web Token, while threat actors could have leveraged the Mailgun API and domain and SES credentials to facilitate phishing attacks enabling malware distribution.

Empire has already been notified regarding the compromise but has yet to provide a response.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.