The misconfigured server is still exposing the data, and there has been no response from the company since their only contact email address available to the public is bouncing back all emails.
India’s largest truck brokerage and freight delivery company, FR8, is facing a serious data leak problem. According to the IT security researcher Anurag Sen working with Italian cyber security firm FlashStart, the organization has exposed more than 140 gigabytes of data, which is available to the public without any password or security authentication.
According to Hackread.com, the leaked data includes sensitive information such as customer records, invoices, and payment details across India. Not only that, but it also contains other personal information, such as names, addresses, and contact numbers of both customers and employees.
FR8 claims to be “India’s largest truck transport service company,” currently operating in over 60 cities across the country.
Anurag discovered the server on Shodan while searching for misconfigured cloud databases on January 30th, 2023. The researchers informed FR8 about the leak, but they did not receive any response. Their only contact email address available to the public is bouncing back all emails.
For your information, Shodan is an OSINT tool and a specialized search engine used by cybersecurity researchers to locate vulnerable Internet of Things (IoT) devices, including servers and misconfigured databases on the internet.
As for FR8, what is worse, at the time of writing, the server is still live and is exposing the following details:
- Full name
- Mobile number
- Internal document
- Delivery Full address
- Bank payment details
- Delivery Vehicle Details
- Internal employee details
India has a server misconfiguration issue
With a population of over 1.4 billion people, India is a lucrative place for businesses to invest and for cybercriminals to target. The more investment there is, the more widespread and vulnerable the IT infrastructure becomes.
Just a couple of weeks ago, Hackread.com exclusively reported on how an Enterprise Resource Planning (ERP) software provider had exposed half a million Indian job seekers’ data.
Last year, several top data exposure-related incidents involving tens of millions of victims were reported from India. These included Covid antigen test results, Indian Federal Police and banking records, MyEasyDocs, online packaging marketplace Bizongo, and more.
Since the server is live and there has been no response from the company, the chances of misuse and abuse of data are high if it gets into the hands of a third party with malicious intent.
While the data can be exploited to carry out identity theft-related fraud, hackers can hold the company’s server or data for ransom and leak it on cybercrime forums if their demands are not met.
Misconfigured Databases – Threat to Privacy
As we know, misconfigured or unsecured databases have become a major privacy threat to companies and unsuspecting users. In 2020, researchers identified over 10,000 unsecured databases that exposed more than 10 billion (10,463,315,645) records to public access without any security authentication.
In 2021, the number of exposed databases increased to 399,200. The top 10 countries with the most database leaks due to misconfiguration in 2021 included the following:
- USA – 93,685 databases
- China – 54,764 databases
- Germany – 11,177 databases
- France – 9,723 databases
- India – 6,545 databases
- Singapore – 5,882 databases
- Hong Kong – 5,563 databases
- Russia – 5,493 databases
- Japan – 4,427 databases
- Italy – 4,242 databases