Adding to the trail of data exposure incidents from unsecured databases, now joins a startup firm. Reportedly, the contract and document management firm Evisort exposed sensitive documents publicly from an unsecured database. The exposed records included confidential information as well.
Evisort Exposed Sensitive Documents Online
Reportedly, a document and contract management startup company publicly leaked confidential data from unsecured databases. The firm Evisort exposed sensitive documents on an open Elasticsearch database.
The databases lacked password security that allowed unrestricted access to the files contained within. The documents included some dummy files as well as the customer records along with confidential data. As reported by an anonymous tipster,
“These are confidential agreements between many established large famous companies that are hosted on the internet for anyone to see.”
Some of the sensitive documents exposed in the database included NDA’s between Evisort and Samsung, and an agreement with Squarespace signed by Evisort’s Chief Executive, Jerry Ting. The exposed records also included documents like loan agreements, employee contracts, and resumes.
Ironically, the database also included an agreement, dated February 21, between a third-party cybersecurity firm and Evisort. Ironically the document contained a penetration test on Evisorts’ network.
Leaky Database Closed Down
Upon receiving the report, Evisort removed the exposed database after an hour of notification. As stated in an ‘off the record’ email by Jerry Ting, the exposed data did not constitute the firm’s production environment. Rather it belonged to the internal development environment for its engineers. He explained that the database was meant for testing purpose amidst an ongoing audit.
“Although our investigation is ongoing, the vast majority of information contained in the development database was placeholder or benign information used for testing purposes. However, it appears that there may be a small number [of] legitimate documents in this environment.”
While they continue with the investigations, Ting assured to inform the affected customers in case of the potential impact on the information exposed.
Data leaks from unsecured Elasticsearch databases isn’t a new thing. Recently, another unsecured Elasticsearch databased belonging to a rehabilitation center exposed a large number of patients’ records.