TmaxSoft, a Korean IT company that develops and sells enterprise software, has leaked over 50 million sensitive records.
The 2 TB-strong Kibana dashboard has been exposed for over two years. Cybernews researchers discovered it back in January 2023, noting the set of data was first spotted in June 2021. Our team attributed the dashboard to tmax.co.kr – a website owned by TmaxSoft, one of the Tmax brand companies.
Unfortunately, the company hasn’t yet responded to Cybernews’ disclosure emails and requests for an on-the-record comment, and the dashboard with a treasure trove of information that could easily be exploited by threat actors remains open.
In total, there are over 56 million records in the dataset. However, some entries are duplicates.
The leaked data included:
- Employee names, emails, and phone numbers
- Employee/employment contract numbers
- Contents of sent attachments (docx, pdf)
- Metadata of sent binaries (executable names, the file path of where they were stored, version names, etc.)
- Employee IPs, user agents, and URLs of accessed internal tools
- Internal issue tracking messages
“These types of leaks are particularly valuable for advanced attackers, or Initial Access Brokers, as they reveal a lot of internal information, allowing the attacker to better understand what they’re up against and choose which employee to impersonate to gain access to specific tools,” Cybernews researchers noted.
Since TmaxSoft specializes in middleware solutions to “help companies leverage critical data,” the leaked data could be exploited in a supply chain attack, affecting Tmax clients and providers.
On its website, TmaxSoft claims to be partnering with major tech companies worldwide, including AWS, Google Cloud, Intel, and VMware, among others.
“The information related to their projects could be used by their competitors and assist in reverse engineering efforts, or could also be used to find and abuse any exploits that could be revealed by that information,” researchers said.
Most of the data that was leaked was company information and company emails, meaning most of the mitigation techniques should be applied by TmaxSoft themselves.
We’ve also contacted The National Computer Emergency Response Team in Korea (KrCERT/CC), asking for their help in contacting the company and helping it patch the vulnerability.
The recommendations provided by CyberNews to Tmax and any company dealing with a similar issue are available in the original post @
About the author: Jurgita Lapienytė, Chief Editor at CyberNews
(SecurityAffairs – hacking, TmaxSoft)