The web-development browser Blisk suffered a data breach leaking more than 2.9 million records through an open Elasticsearch database that was left open and that bypassed the security put in place by its users.
The browser has been compromised in a way that it now leaks the data it was designed to gather from web development teams, UX designers and web engineers, according to Noam Rotem and Ran Locar, leaders of VPNMentor’s security team, who uncovered the problem. Blisk has been operating since 2014 and VPNMentor said it has NASA, Microsoft, Apple, eBay and UNICEF as its customers and others from around the world.
The information exposed included more than 1,000 email addresses – including a ca.gov email address, IP addresses and user agent details. All of which can be used to create legitimate appearing phishing emails to be used against the customers.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.