AdminShoemaker Ecco has been operating a misconfigured database for over a year, exposing huge amounts of sensitive information to anyone who knows where to look.
This is according to a new report from cybernews (opens in a new tab), whose research team recently identified 50 Ecco indexes made available to the public. In total, the database contains over 60 GB of sensitive data, which is available as of June 2021.
“Millions of confidential documents, from sales to system information, were available. Anyone with access could view, edit, copy, steal or delete the data,” the researchers said.
API requests
While Ecco has meanwhile stepped in to address the issue, it has not commented on Cybernews’ findings. The database now appears to be locked, researchers say.
While scanning the network for insecure and misconfigured databases, the research team found an exposed instance hosting Kibana, the ElasticSearch visualization dashboard, for Ecco. Kibana, the researchers explained, helps to process ElasticSearch information.
The instance hosting the dashboard was protected by HTTP authentication, but the server was (wrongly) configured to allow API requests. Using this vulnerability, researchers searched for index names in Ecco’s ElasticSearch, seeing 50 exposed indexes with over 60GB of data.
The data contained all kinds of sensitive information, from sales and marketing to logging and system information, the researchers said. One index, sales_org, contains over 300,000 documents. A directory called market_specific_quality_dashboard contained over 820,000 records.
There are many ways cybercriminals can exploit the database, they further explained, saying that the visible code could have been changed as well as the naming and URLs, all for phishing campaigns, identity theft (opens in a new tab)or trick people into running malware and ransomware.
Moreover, the database is not intended for the local Ecco site, but for the global ecco.com site. In the hands of an experienced cybercriminal, files can be the main tool in a global attack on a company. Ecco stores, its employees, as well as customers and contractors.
