Hundreds of thousands of personal documents were left sitting in an unprotected database available to anyone who knew where to look, cybersecurity researcher Jeremiah Fowler has claimed.
Talking toWebsitePlanet, Fowler outlined how he discovered the database belongs to FleetPanda, a cloud-based fleet management and dispatch software designed to streamline fuel distribution operations.
The platform offers real-time tracking, automated order management, and seamless integration with various back-office systems.
FleetPanda reacts
The company kept a non-password-protected database containing 780,191 documents, with a total size of 193 GB. It held various .PDF, .JPG, and other files, which contained information on fuel and petroleum shipments to and from different companies, industries, and even pipelines. Other files included invoices, delivery tickets, but also driver applications, high-resolution images of driver’s licenses, and background checks that contained personally identifiable information (PII).
The files were generated between 2019 and August 2024, and were listed as cache files. The invoices also contained billing and delivery information such as bill to, delivered to, delivered by, ticket, PO or order numbers, truck numbers, and other internal identifiers or tracking data.
Fowler said that he disclosed his findings to FleetPanda, which locked the database a few days later – without a word. Therefore, we don’t know how long the database was kept unlocked, if a third party was maintaining it, and if anyone accessed the contents before Fowler did.
We reached out to the company with these questions and will update the article accordingly.
With most companies being “data companies” these days, and with the omnipresence of cloud computing, the majority of firms are holding their data in cloud storage. Therefore, unprotected databases remain one of the most common causes of data leaks.
More from TechRadar Pro
https://cdn.mos.cms.futurecdn.net/GcQXTy4NBXKeoop4V5WQnQ-1200-80.jpg
Source link