The Cybernews research team discovered an open Kibana instance that contained private data on Belcan, its personnel, and internal systems.
Kibana is the visualization dashboard for Elasticsearch, a data search and analytics engine. These systems help businesses manage massive data volumes.
The leaked Belcan data includes admin emails, admin usernames, admin roles (which organizations they're assigned to), internal network addresses, internal infrastructure hostnames and IP addresses, internal infrastructure vulnerabilities, and actions taken to remedy or not remedy them.
Cybernews warned Belcan of the vulnerabilities, and the business had put precautions in place to deal with the problem before this article was published. Belcan did not send any additional remarks on the findings before publication.
Source: https://securityaffairs.com/149779/data-breach/belcan-leaks-admin-password.html
TPRM report: https://scoringcyber.rankiteo.com/company/belcan-engineering
{
  "id": "bel33411923",
  "linkid": "belcan-engineering",
  "type": "Data Leak",
  "date": "08/2023",
  "severity": "100",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'name': 'Belcan', 'type': 'Organization'}],
 'attack_vector': 'Exposed Kibana Instance',
 'data_breach': {'type_of_data_compromised': [
     'Admin emails',
     'Admin usernames',
     'Admin roles',
     'Internal network addresses',
     'Internal infrastructure hostnames and IP addresses',
     'Internal infrastructure vulnerabilities',
     'Actions taken to remedy/not remedy them']},
 'description': 'The Cybernews research team discovered an open Kibana instance that contained private data on Belcan, its personnel, and internal systems.',
 'impact': {'data_compromised': [
                'Admin emails',
                'Admin usernames',
                'Admin roles',
                'Internal network addresses',
                'Internal infrastructure hostnames and IP addresses',
                'Internal infrastructure vulnerabilities',
                'Actions taken to remedy/not remedy them'],
            'systems_affected': 'Internal Systems'},
 'initial_access_broker': {'entry_point': 'Open Kibana Instance'},
 'investigation_status': 'Resolved',
 'post_incident_analysis': {'corrective_actions': 'Precautions in place to deal with the problem',
                            'root_causes': 'Unsecured Kibana Dashboard'},
 'references': [{'source': 'Cybernews'}],
 'response': {'containment_measures': 'Precautions in place to deal with the problem'},
 'title': 'Belcan Data Leak via Open Kibana Instance',
 'type': 'Data Leak',
 'vulnerability_exploited': 'Unsecured Kibana Dashboard'}