All too often, attempts at responsible disclosure are ignored or otherwise fail to get data locked down. When those who discover data leaks repeatedly try to get data owners to secure their data but are ignored, they may decide to reveal the leak publicly even though the data are still unsecured.
Today’s example is brought to us by Cybernews, which reports:
A Korean IT company developing and selling enterprise software has leaked over 50 million sensitive records.
The 2 TB-strong Kibana dashboard has been exposed for over two years. Cybernews researchers discovered it back in January 2023, noting the set of data was first spotted in June 2021. Our team attributed the dashboard to tmax.co.kr – a website owned by TmaxSoft, one of the Tmax brand companies.
Unfortunately, the company hasn’t yet responded to Cybernews’ disclosure emails and requests for an on-the-record comment, and the dashboard with a treasure trove of information that could easily be exploited by threat actors remains open.
Read more at Cybernews. Cybernews also alerted the National Computer Emergency Response Team in Korea (KrCERT/CC). Whether the South Korean data protection regulator becomes aware of this incident and initiates enforcement action against the firm remains to be seen in time.