Dark Web Actors Are Sharing Link to Unprotected ‘Korn Ferry’ Database

Written by Bill Toulas
Last updated September 25, 2021

‘Korn Ferry,’ the successful American consulting firm, has left an unprotected Amazon S3 bucket online, which was apparently discovered by malicious individuals. The actors then shared the link on the dark web, and Cyble’s sweepers located it. Upon analyzing the files found in the accessible database, the researchers realized that this was confidential information that was never meant to come to light. Obviously, the files have been accessed by a large number of unauthorized third parties, and the company will now have trouble containing the damage done by this misconfiguration.

Korn Ferry is a California-based consulting firm that operates 104 offices in 52 countries, employing 8,678 people around the world. The company has revenues counted in the billions and serves clients of the highest prestige and financial magnitude. Exposing information belonging to these clients is therefore catastrophic, to say the least. Unfortunately for Korn Ferry, this seems to be the case with the most recent security incident. More specifically, Cyble has found the following things stored in the unprotected database:

[Image: service listing. Source: Cyble blog]

As is clear from the above, ‘Korn Ferry’ left a crucial database unprotected online, containing both their internal information and that of their clients. The worst damage was done to the employees who had their sensitive details exposed. These people are now running the risk of getting phished or scammed, and they should receive an identity protection service from their employer soon. The scale of the damage to clients is unknown, as we don't know the content of the exposed documents.

Cyble has reached out to Korn Ferry, but the consulting firm hasn’t responded yet. This means that the unprotected database is still up, and actors are free to access it. This doesn’t look like a database supporting a live system, so even if the actors eventually wipe it, the company may not notice the event immediately. If you work for Korn Ferry or if you are a client, contact the firm immediately and demand action. The exposure of the above data should be considered a fact, so treating all incoming communications with vigilance is the way to go now.
