• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » Security » Marketing agency for NFL, Mastercard, MLB and Soundcloud exposes clients’ sensitive data

Marketing agency for NFL, Mastercard, MLB and Soundcloud exposes clients’ sensitive data

by Bernard Meyer
14 October 2020
in Security
0
Marketing agency for NFL, Mastercard, MLB and Soundcloud exposes clients’ sensitive data
20
SHARES

CyberNews recently discovered that the digital marketing agency teamDigital was exposing multiple environment config files which contain sensitive data. By exposing this type of data, teamDigital is putting their own data and the data of their clients – big names like the NFL, Mastercard, Soundcloud, and more – at risk, potentially leading to ransomware, targeted phishing campaigns, and others. 

An environment file (with a filetype .env) is the main configuration file of a web application that contains sensitive data needed for an application to work, including database credentials, email provider credentials, and API keys. For that reason, it should never be made publicly accessible or committed to a Git where it in some cases can be accessed by others. 

Our researchers discovered three separate environment files that contained information to access teamDigital’s Mastercard, SMS tool, and FTP databases, including the League of Legends-related MasterCardNexus Twitter API keys, which would allow a cybercriminal to control much of that account. 

We notified teamDigital of the exposed files immediately when we discovered them on October 9, 2020, and they reported to CyberNews that the issue was addressed the same day. A request for comment from teamDigital was not returned by the time of publishing. 

Who is teamDigital?

These environment config files belong to the digital marketing agency teamDigital Promotions, Inc. located in Connecticut. Besides digital marketing, teamDigital also provides services related to legal compliance and administration, plus engagement solutions and platforms. According to teamDigital’s website, its clients include such top brands as:

  • NFL
  • MLB 
  • Carnival Cruise Line
  • Mastercard
  • NASCAR
  • Xfinity
  • WNBA
  • Soundcloud
  • The 100-year-old clothing brand New York & Company

League of Legends, Mastercard and teamDigital client data exposed

Due to misconfigured environment files, CyberNews was able to access the data of some of teamDigital’s clients. It appears that teamDigital is using Egnyte, which is a cloud platform for sharing files, and whose website promises “a unified platform to govern and secure content everywhere.”

Due to the misconfiguration, anyone was allowed to view multiple environment config files, including:

  1. teamDigital’s FTP env file. We were able to view teamDigital’s FTP username and plaintext password. This file also contains the MastercardNexus (@mastercardnexus) Twitter API keys. MastercardNexus is the official Twitter account for @LoLesports for League of Legends, arguably the most popular esports title currently available. 
  2. teamDigital’s SMS Tool env file. We were able to view teamDigital’s MySQL database username and plaintext password, its AWS access key and ID, and other related accounts.
  3. Mastercard Privacy API env file. Although we are unsure what this file is related to, it contains, again, plaintext MySQL database credentials, API keys, and other data related to Mastercard.

Example from teamDigital env file for its SMs tool:

Example from teamDigital’s FTP and MastercardNexus file

Example from teamDigital’s FTP and MastercardNexus file:

Example from teamDigital’s FTP and MastercardNexus file

What’s the impact of the teamDigital exposed files?

The true scope of the teamDigital environment config exposure would only be ascertained by accessing the various databases and understanding what permissions are granted, what data is contained in the FTP server, and so on.

However, we refrained from doing so based on legal and ethical reasons. Nonetheless, we can estimate the impact of the exposed files by looking at each in turn.

The FTP credentials and MastercardNexus Twitter API keys

If cybercriminals were to use the FTP details contained in the first env config file, they would be able to access teamDigital’s FTP server. While we can’t be certain what data is contained there, it is possible that it houses sensitive information about teamDigital’s business and its long list of popular clients, including the NFL, MLB, WNBA and others. What kind of data could a digital marketing agency have related to those brands? Most likely similar Twitter API keys, as well as other social media credentials. There may also be private, marketing-related materials that those brands would like to keep from the public eye.

Beyond that, with the MastercardNexus Twitter API keys, a cybercriminal would be able to access that account and tweet various messages, for example, during a League of Legends esports competition, such as the ‘Worlds’ championship that is currently in full swing. These could be similar to the cryptocurrency tweets of the Great Twitter Hack from July 2020, where multiple Twitter verified accounts tweeted out bitcoin-related scam messages. Seeing as Mastercard is a leading financial institution, these tweets might prove convincing.

teamDigital’s SMS tool and Mastercard Privacy

For these two env config files, we’re less confident about what could be done with the data contained there. First of all, teamDigital provides no real information that it even has an SMS tool. Nonetheless, it does have the MySQL database and AWS account credentials in the file, as well as the credentials for another service. With these, cybercriminals can access, steal and potentially manipulate those files.

Similarly, we are unsure what the Mastercard Privacy API env config file relates to. Cybercriminals would certainly be able to figure it out by accessing the MySQL database. Nonetheless, we believe this is related to teamDigital’s “legal compliance and administration” services, with multiple API get and post URLs provided in the file.

Next steps

We disclosed the issue to teamDigital on Friday, October 9, 2020 when we discovered it. On the same day, teamDigital reported to CyberNews that the issue “has been addressed.” We confirmed that the environment files were no longer accessible.

In general, then, we can provide the following important steps to ensure your data is safe:

  1. For developers, at teamDigital and elsewhere, make sure that your .git and .env folders are not publicly accessible, and that your repositories are not visible. Even then, you should avoid committing sensitive keys and files to the repository
  2. If you are a client of teamDigital or a company connected to it, make sure to check your online accounts for any strange behavior. You should also review the communications between your company and teamDigital to see if any sensitive details were exchanged.
  3. Lastly, for users, depending on what social media credentials might have been exposed, make sure to be critical of suspicious tweets or other social media posts, even if those accounts are verified.
Share20TweetShareShare

Related Posts

Nohow International leaks sensitive worker data

12,000+ workers’ IDs, banking details, and other personal data leaked by UK staffing agency

19 January 2021
Telegram app on mobile

Watch out: there’s a new Telegram scam about

15 January 2021
Email icon on laptop screen

How phishing attacks are evolving and why you should care

14 January 2021
Ransom message on laptop screen

Why ransomware attacks will explode in 2021

12 January 2021
Next Post
Best free password managers

Best free password managers for 2021

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    82912 shares
    Share 82901 Tweet 0
  • ProtonMail review: have we found the most secure email provider in 2021?

    61 shares
    Share 61 Tweet 0
  • Bitwarden Review

    0 shares
    Share 0 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
  • Custom mechanical keyboards – 17 coolest ones we’ve ever seen

    442 shares
    Share 441 Tweet 0
Facebook says some users facing issues with Messenger, Instagram

Factbox: How Facebook, Twitter, and others are girding for inauguration threats

20 January 2021
Uploading on mobile screen and Data Protection on desktop screen

Privacy and data protection trends in 2021

20 January 2021
valve logo

EU hits game distributor Valve, five others with 7.8 million euro fine

20 January 2021
google logo

Trump pardons former Google self-driving car engineer Levandowski

20 January 2021
Malwarebytes hacked by state actors behind SolarWinds attack

Malwarebytes hacked by state actors behind SolarWinds attack

20 January 2021
Edvardas Šileris

Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached

20 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • In the News
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!