© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

AI startup spills employee data and corporate secrets

An Indian startup focusing on artificial intelligence (AI) solutions leaked sensitive corporate data, including extensive information about its projects and employees.

The Cybernews research team has discovered an open database belonging to Brane Group-owned Indian startup NSLHub. According to its website, NSLHub “is a one-stop shop for all vertical, horizontal, and support business solutions” committed to “realizing artificial general intelligence by 2025.”

The open database contained extensive information about the company. It had 221 employee information entries, including names, emails, and passwords. The latter were stored in what seems to be Base64 encoding – this is used for convenient data storing but does nothing to protect passwords.

The company was also leaking over 10,000 records of emails and their contents that included employees’ daily task descriptions and performance reports.

The dataset, which was closed after we reported it to the company, also contained nearly 2,000 item order requests with details about projects they were used for and their prices.

Moreover, the leaky dataset had records of authentication logs for some internal tools, including employee emails, login timestamps, links to the tools, and employee internal protocol (IP) addresses.

The Cybernews research team considers the leaked database highly sensitive, since threat actors could access confidential information including company projects, their progress, and tools needed for specific projects.

“Employee data was also sensitive in multiple ways: the email and password could be used to log into companies’ resources, [accessing] internal network IP addresses [that] could be used to obfuscate attackers’ movements in the network, personal information such as names, email addresses, teams, and projects, and employee IDs [that] could be used for spear-phishing attempts,” the research team said.

Since employee data protection laws are very strict in India, breaches like this could cost any company up to $700,000 per employee if they suffer collateral damage from such a leak.

More from Cybernews:

AI-enabled cyberattacks might become norm in next five years 

Musk’s Twitter takeover shifted who’s controlling malware there

India’s foreign ministry leaks expat passport details

Royal ransomware: mysterious gang behind Silverstone Circuit attack

US Cybercrime index: which states suffer the most?

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked