Enterprise software provider exposed nearly a billion records in data breach

A non-password-protected database containing 769 million records was discovered to be exposed to the public, revealing critical information such as secret keys, bank account numbers, tax identification numbers, and email addresses.

4

Cybersecurity researcher Jeremiah Fowler discovered and reported on the database through a post on Website Planet, where he explained the database was owned by ClickBalance, one of Mexico's largest enterprise resource planning (ERP) technology providers. The database contained access tokens, API keys, secret keys, bank account numbers, tax identification numbers, and 381,224 email addresses. After informing ClickBalance about the database exposure, it promptly implemented restrictions.

Notably, ClickBalance is a software company that offers ERPs as a suite of cloud-based applications to enterprise organizations that enable those organizations to access those applications whenever they like across any device. These ERPs are typically used to manage different processes of an enterprise, such as finance, human resources, supply chains, manufacturing, sales, and other business operations.

In a nutshell, an ERP aggregates all of the collected data on a business into one application that enables an owner, stakeholders, or any official to easily navigate the different aspects of a business.

4

The database contained 769,333,246 records, totaling 395 GB. The severity of the potential impact of such a database being available publicly shouldn't be understated, as an ERB would collect information on customers, employees, proprietary business data, financial records, keys that grant further access to information, and even keys to access business-critical systems.

4

The dangers of having such keys available publicly could lead to critical system failures through highjacking, data theft, account takeovers, unauthorized transactions, or data blackmail.