Top security guard firm exposed over a million files online
Sensitive information on security guards exposed online
A security guard firm was found leaking data that could lead to identity theft, physical breaches, theft, and even terrorism.
The news comes from cybersecurity researcher Jeremiah Fowler, who found an online database containing more than 1.2 million documents. The database did not have any sort of protection and could be accessed by anyone who knew where to look, WebsitePlanet reported.
Subsequent investigation uncovered that the database belonged to a UK-based company called Amberstone Security Ltd, a firm offering technology and physical security services.
Physical threats
In the database, the researcher found personally identifiable information (PII) and face photographs of thousands of security guards. Furthermore, he found images of security credentials, as well as license cards, issued by the Security Industry Authority (SIA). The database also contained incident reports, as well as names and birthdates of potential criminals.
Speaking with SIA, the researcher was told that the cards did not have any biometrics on them, hinting that with this database, a criminal could easily reproduce the cards, and thus impersonate security personnel. “This could potentially lead to a physical security breach, theft, vandalism, or — as a worse-case scenario — acts of terrorism,” the report states.
The researcher also found files on the development of an app called Guarded on Duty, which lets security guards log in and verify their current jobs by uploading images of their badges. Furthermore, he found APK files, which threat actors could use to infect the Android apps with malware.
After making the discovery, Fowler reached out to Amberstone Security, which confirmed locking down the database.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The company also shifted the blame to an unnamed third party: “Thank you for bringing this to our attention, this is deeply concerning,” a company representative told the researcher. “I am investigating this with the supplier who developed and hosts the platform. Please rest assured that we take data security seriously, and this will be investigated thoroughly”.
More from TechRadar Pro
- Collection agency data breach affects millions of users
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.