Image

Image

With a simple search of the exposed database, our researchers were able to find the payment information, PII, and full company and account details for end-users and managed service providers (MSPs) – including for a criminal defense attorney, a utilities service provider, and more. There were enough details in this leak wherein a nefarious party could easily access users’ accounts – and possibly gain access to the associated permissions for said accounts.Upon discovering the data leak, Rotem and Locar contacted Tech Data Corporation. The distributor responded within two days and fixed the leak that same day, a quick remediation time that prompted the researchers to praise the company for having acted "professional in handling news of the leak and [having] asked the real questions to solve the problem." Bobby Eagle, a spokesman for Tech Data Corporation, told Bank Information Security that Tech Data Corporation has discovered no evidence of bad actors having abused the information stored on the exposed server to commit fraud. He went on to say that the company would continue with its investigation into the data leak and that it would abide by all necessary data reporting requirements going forward. News of this incident comes two months after researchers discovered several exposed servers containing 590 million resumes that belonged to Chinese recruitment firms