Various sensitive information has been exposed by suspicious and malicious URL scanner urlscan.io, reports The Hacker News.
Threat actors could search and retrieve password reset links, account creation URLs, email unsubscribe links, Telegram bot information, API keys, shared Google Drive links, DocuSign links, Discord, Zoom and SharePoint invite links, Dropbox file transfers, PayPal invoices, package tracking invoices, and Cisco Webex meeting recordings from the scanner, a report from Positive Security revealed.
Researchers found that Apple domain URLs have been included in the leak but have since been removed. Further investigation of the leaked email addresses showed that the leak has been traced by one unnamed organization to a DocuSign work contract link to a misconfigured Security Orchestration, Automation, and Response solution.
"This information could be used by spammers to collect email addresses and other personal information. It could be used by cybercriminals to take over accounts and run believable phishing campaigns," said Positive Security co-founder Fabian Brunlein.