Privileged information revealed from 900 organisations including Dell, Verizon, according to reports
Around 10,000 email addresses belonging to 900 organisations have been reportedly exposed online following an alleged data leak from an office application based in the United States.
Cybernews reported that its researchers found a "publicly accessible web directory" that belonged to organisation Simpli, which offers an application that allows employees of companies renting office space to view stores in the same building.
According to the report, the web directory exposed around 10,000 email addresses of employees and hashed passwords from around 900 organisations. Some of the affected businesses include major firms such as Dell, Verizon, Comcast, AT&T, and the National Council on Disability.
Aras Nazarovas, an information security researcher at Cybernews, warned that the passwords "could still be cracked" despite the employee credentials being stored in a "relatively secure format."
"If the employee uses the same password for multiple accounts, the cracked password could be used to log into other, more sensitive, work-related endpoints," Nazarovas said in the report.
More sensitive information potentially exposed
In addition to email and passwords, the data leak also exposed orders made through the application, which contained potentially sensitive operational information.
According to the researchers, the information includes details about meetings between individuals from different firms and the purposes of the meetings.
Cybernews said the web directory stored backups of the company's website and Simpli app database that were made in January 2024. It believes that the open directory was likely exposed when the company was migrating its system from Drupal 7 to Drupal 9.
The news outlet has posted screenshots of the information that were exposed online, including the list of buildings and tenants, as well as user credentials. Simpli has yet to comment on the massive data leak.
