Popular office app may have exposed details of thousands of workers
10,000 employee credentials leaked from third-party service
A data leak has reportedly affected around 900 companies, including major firms such as Dell, Capital One, and Verizon, leaking employee data online.
The third party app ‘Simpli’ (formerly Charm City Concierge) was discovered to have a publicly available web directory which exposed as many as 10,000 employee credentials from the affected firms.
The information was found by researchers at Cybernews on an open web directory which stored backups of the company’s app database and website, made in January 2024. Many employees signed up for the third party service using corporate email addresses, which could leave companies vulnerable to malicious actors targeting work-related endpoints.
Supply chain attacks
A number of details and potentially sensitive operational information were exposed through app orders and notes leaving organizations vulnerable to data theft and worse.
The researchers also found email addresses, hashed passwords, and meeting details, which included the purpose of meetings and attendees.
The incident is another reminder of the increasing risk of supply chain attacks on businesses. Whilst companies have become more concerned with cybersecurity in recent years, weaker elements within a supply network have become marks for threat actors looking to target otherwise secure company data.
Suppliers and third parties often hold sensitive company and customer information, making them an effective in-road for threat actors. Recent research claimed third-party attack vectors make up almost 30% of data breaches in recent years. With roughly 98% of organizations affiliated with a third party that has experienced a data breach, this has become a serious security concern.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Researchers advise security leaders to ensure that robust third-party risk management plans are in place to prevent and recover from security breaches.
More from TechRadar Pro
- Report finds macOS fares worse than Windows and Linux at preventing cyber attacks
- Take a look at our guide to the best identity theft protection
- These are the best endpoint protection tools around today
Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.