Dark Web Actors Are Sharing Link to Unprotected ‘Korn Ferry’ Database

  • An American consulting firm has misconfigured their Amazon S3 bucket, and actors have accessed it.
  • The data contained in the bucket include both employee and client information, while confidential documents are also present.
  • The firm hasn’t responded to the notifications of the breach and hasn’t secured the leaking server yet.

‘Korn Ferry,’ the successful American consulting firm, has left an unprotected Amazon S3 bucket online, which was apparently discovered by malicious individuals. The actors then shared the link on the dark web, and Cyble’s sweepers located it. Upon analyzing the files found in the accessible database, the researchers realized that this was confidential information that was never meant to come to light. Obviously, the files have been accessed by a large number of unauthorized third parties, and the company will now have trouble containing the damage done by this misconfiguration.

Korn Ferry is a California-based consulting firm that operates 104 offices in 52 countries, employing 8,678 people around the world. The company has revenues counted in the billions and serves clients of the highest prestige and financial magnitude. That said, exposing information belonging to these clients is catastrophic, to say the least. Unfortunately, for Korn Ferry, this seems to be the case with the most recent security incident. More specifically, Cyble has found the following things stored in the unprotected database:

  • HR records of employees detailing the employee IDs, their annual base salary along with dollars per hour rate.
  • Documents that are confidential to the organization.
  • Product hub usernames and default passwords for client users
  • Multiple survey templates to gather data such as employee’s availability surveys in different industries
  • Detailed records of different types of materials and their pricing.

service listing
Source: Cyble blog

As it becomes clear from the above, ‘Korn Ferry’ left a crucial database unprotected online, containing both their internal information and that of their clients. The worst damage was done to the employees who had their sensitive details exposed. These people are now running the risk of getting phished or scammed, and they should receive an identity protection service from their employer soon. The scale of the clients’ damage is unknown, as we don’t know the content of the exposed documents.

Cyble has reached out to Korn Ferry, but the consulting firm hasn’t responded yet. It means that the unprotected database is still up, and actors are free to access it. This doesn’t look like a database supporting a live system, so even if the actors eventually wipe it, the company may not notice the event immediately. If you work for Korn Ferry or if you are a client, contact the firm immediately and demand action. The exposure of the above data should be considered a fact, and so treating all incoming communications with vigilance is the way to go now.

REVIEW OVERVIEW

Recent Articles

What is Zero Trust Network Access (ZTNA) and Why Does it Matter?

Security is not something that's simply tacked on to an existing system. It's a fundamental aspect of that system's design. This is especially true...

How to Watch ‘CMA Best of Fest’ Live Online

We may not be able to attend concerts right now, but we can still enjoy some of our favorite music, especially when it comes...

5 Best VPN for Hong Kong in 2020 (Protect Yourself From The New National Security Law)

Without any doubt, Internet users in Hong Kong are in a very delicate situation right now. As you surely know, this previously independent territory...

How to Watch Quaker State 400 Online – Live Stream NASCAR Cup Series at Kentucky

We've got another NASCAR race on our hands, and the Quaker State 400 is just around the corner. We plan on watching the Quaker...

Seattle Police Booby-Trapped a File to Catch Ransomware Actor

An interesting method used by U.S. law enforcement authorities has been revealed. The FBI and the police use booby-trapped files that are...