
New England Biolabs leaks sensitive data

Leaving environment files open to the public is one of the simplest mistakes that web admins can make, but it can have disastrous consequences. Despite leaving some of its sensitive credentials exposed, New England Biolabs seems to have dodged a bullet.


Ernestas Naprys Senior Journalist
Oct 24, 2023. Updated: 15 November 2023.

What was in the New England Biolabs leak?

  • Database credentials: Cybercriminals who managed to gain a foothold in the company’s network could then read, change, and delete data stored within the database, resulting in data breaches, manipulation, or unauthorized access to sensitive data.
  • SMTP server and Mail credentials: Attackers can exploit these to send emails disguised as legitimate company representatives. This could lead to social engineering attacks, malware distribution, or phishing.
  • Paymetric (enterprise payment processing company) credentials, Secret, and Endpoint: Unauthorized parties could obtain access to the company's payment system, execute unauthorized transactions, modify payment settings, or access sensitive payment data. Exposed endpoints could be leveraged to flood the system or application with traffic, disrupt or block the service for legitimate users, initiate DDoS attacks, disseminate spam, conduct phishing attacks, and other malicious actions.
  • Root path: Potential attackers could gain knowledge of the architecture, technologies, and directory hierarchy of the underlying system, facilitating the discovery of potential vulnerabilities. They could also try accessing sensitive files by using the exposed root path to launch directory traversal (file path manipulation) attacks.
  • QUOTE_CRYPT_KEY (likely a variable that holds the specific cryptographic key used by a program), and CIPHER (presumably, a method to perform encryption and decryption): With additional knowledge, attackers could try to exploit the key to decrypt information.
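
For a team responding to an exposed environment file, a first step is listing which keys fall into the categories above so each can be rotated or reviewed. The following Python is an added example, not code from the article or from New England Biolabs; the sample file, every key name other than QUOTE_CRYPT_KEY and CIPHER, and the name patterns are constructed assumptions.

```python
import re

# Categories follow the article's list; the name patterns are assumptions.
CATEGORIES = [
    ("database", re.compile(r"^(DB|DATABASE|MYSQL|PG|POSTGRES)_", re.I)),
    ("mail", re.compile(r"^(SMTP|MAIL)_", re.I)),
    ("payment", re.compile(r"^PAYMETRIC_", re.I)),
    ("crypto", re.compile(r"(CRYPT_KEY|^CIPHER$)", re.I)),
    ("path", re.compile(r"(ROOT|PATH)", re.I)),
]
LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

def parse_env(text):
    """Return {key: value} from dotenv text; comments and junk lines are skipped."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "'\"":
            val = val[1:-1]  # strip matching surrounding quotes
        out[key] = val
    return out

def triage(text):
    """Map each category to the populated keys that need rotation or review."""
    report = {}
    for key, val in parse_env(text).items():
        for name, pat in CATEGORIES:
            if val and pat.search(key):  # skip empty placeholders
                report.setdefault(name, []).append(key)
                break
    return report

SAMPLE = """\
# constructed sample, not the leaked file
DB_PASSWORD="example-only"
SMTP_PASSWORD=example-only
PAYMETRIC_SECRET=example-only
PAYMETRIC_ENDPOINT=https://payments.example.invalid/api
APP_ROOT_PATH=/srv/www/app
QUOTE_CRYPT_KEY=example-only
CIPHER=example-only
MAIL_FROM=
"""

if __name__ == "__main__":
    print(triage(SAMPLE))  # key names only, never values
```

The report carries key names only, so it can be attached to an incident ticket without copying the secrets themselves.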