Cybernews research group discovered that the Netherland-developer for encryption for encryption ENC Security for 1.5 years drained its configuration files and certificates. The company said that the problem arose due to the incorrect configuration of a third-party supplier, who had already corrected it immediately after receiving a notification.
“data that have been seeped for about 1.5 years is a gold vein for attackers,” said Cybernews researcher Martinas Vareikis.
The leaked data included:
- Simple Mail Transfer Protocol (SMTP) for sales channels;
- Adyen keys to a single payment platform;
- Mailchimp compounds of mail marketing;
- API key of payments;
- Hmac’s authentication codes;
- keys and certificates stored in the format “pem “.
The data was available from May 27, 2021 to November 9, 2022. The server was closed after Cybernews announced the vulnerability in ENC Security.
According to Vareikis, the information leak is concerned, since attackers can use this data for various cyber attacks – from phishing to extortion attacks.
For example, sales canals can be used to send customers by sending them for fake invoices or distributing malicious software through trusted email addresses.
Mailchimp APIs allow the company to create mass marketing mailings and “collect” potential customers from real email of the company.
And the files “.pem” (a file format for storing and sending cryptographic keys and certificates) can open access to the server or even lead to the capture of the server. And the API key of payments can disclose confidential information about the client.
USB-key, Lexar, Sandisk and other storage devices are supplied with a data encryption program developed by ENC Security. The Netherlands company with 12 million users around the world offers solutions to “defense of the military level data” using their popular software for encryption Datavault. ECN Security reports that its product is loaded more than 2000 times a month.