- Researchers have found an unsecured online database with almost eight million files
- The database contained work authorization documents, national insurance numbers, certificates and other sensitive data
- It belonged to the software company Logezy, which has indicated that the database is now locked
Millions of health workers in the United Kingdom have had their sensitive data exposed online, after a database that was not password-protected was found unsecured on the Internet.
Security researcher Jeremiah Fowler found a 1.1 TB database containing almost eight million files (7,975,438), including images and .PDF files, work authorization documents, national insurance numbers, certificates, electronic signatures, time sheets, user images and government-issued identification documents.
In addition, the archives contained 656 directory entries indicating various companies, the majority of which were health care providers, recruitment agencies and temporary employment services.
Identity and other risks
Fowler determined that the database belonged to Logezy, a management and monitoring software company based in the United Kingdom.
He informed Logezy of his findings, and the company locked the database “shortly after”.
To search for unprotected databases, researchers would use a specialized search engine, such as Shodan, and analyze the results.
To date, Fowler has found dozens of similar instances, including Clickbalance (more than 750 million records), DM Clinical Research (more than a million clinical files) and Servicebridge (31 million).
Without a detailed forensic analysis, it is impossible to know whether a threat actor has already accessed the database and exfiltrated the information found there.
It is also impossible to know how long the archive remained unlocked, or whether Logezy managed it itself or a third party did so on its behalf.
Cases like these are considered low-hanging fruit for cybercriminals. Stealing this information does not require phishing, social engineering, hunting for zero-day vulnerabilities or exploiting unpatched endpoints.
However, the data inside is valuable because it is generally up to date and can be used in all kinds of fraud, including wire fraud, payment scams, identity theft, etc.
If you have used Logezy in the past, it would be wise to keep a closer eye on your accounts and your credit reports for potentially suspicious activity.