TmaxSoft, a software provider based in South Korea, has exposed over 50 million confidential records, including phone numbers, emails, and internal issue tracking messages, as a result of a significant data breach. Security researchers found the leaked data, which had been kept in a publicly viewable Kibana dashboard for more than two years.
Attackers can gain a lot of knowledge about TmaxSoft’s personnel and internal operations from the leaked data, which makes it especially valuable to them. Cyberattacks of other kinds, such as social engineering schemes or targeted phishing attacks, might be carried out using this data. Furthermore, TmaxSoft’s partners and clients might be put at risk by the compromised data.
Over 50 million private records have been made public by TmaxSoft, a Korean IT company that creates and markets enterprise software.
It’s been more than two years since the 2 TB Kibana dashboard was made public. Researchers found it in January 2023, noting that the data set was initially spotted in June 2021. The website tmax.co.kr, which is owned by TmaxSoft, a company that carries the Tmax brand, was identified by our team as the source of the dashboard.
The dashboard, which contains a wealth of information easily exploited by threat actors, is still accessible.
There are more than 56 million records in the dataset overall. Some entries, though, are duplicates.
The data that was compromised comprised:
- Phone numbers, emails, and names of employees
- Employee numbers and employment contract numbers
- Attached files’ contents (docx, pdf)
- Sender binaries’ metadata, such as executable names, file paths to their storage locations, version names, etc.
- IP addresses, user agents, and URLs of internal tools accessed by employees
- Internal messages for tracking issues
According to researchers, these kinds of leaks are especially useful for advanced attackers, or Initial Access Brokers, because they disclose a lot of internal information. This information helps the attacker decide which employee to pose as in order to obtain access to particular tools.
The leaked data may be used in a supply chain attack that impacts Tmax clients and providers, as TmaxSoft specializes in middleware solutions to “help companies leverage critical data.”
TmaxSoft asserts on its website that it collaborates with leading tech companies across the globe, such as AWS, Google Cloud, Intel, VMware, and so on.
Researchers warned that competitors may use the information about TmaxSoft’s projects to aid in reverse engineering or to find and take advantage of any exploits that might be made public by that information.
The majority of the data that was exposed consisted of emails and company information, so TmaxSoft should implement the majority of the mitigation strategies.
In addition, the researchers have contacted Korea’s National Computer Emergency Response Team (KrCERT/CC) and requested its assistance in reaching out to the company and assisting with the vulnerability patch.
Recommendations for TmaxSoft
- Protect the exposed information.
- Look into what caused the data breach.
- Notify those who are impacted.
- Take action to stop upcoming data breaches.
What people who are impacted ought to do:
- Reset their passwords.
- Watch out for scams such as phishing emails.
- Monitor their credit histories.
There is a serious possibility that TmaxSoft, its staff, and its clients will be significantly impacted by this data breach. In order to secure the exposed data and stop such breaches, the company must act right away.