darkbeam

darkbeam

A digital risk management company called DarkBeam exposed records containing user emails and passwords from both previously disclosed and unreported data breaches by leaving an Elasticsearch and Kibana interface open.

It appears that DarkBeam has been gathering data to notify its clients in the event of a data breach.

The issue will probably have an impact on more people than just DarkBeam users.

Although the majority of the information that has been released originates from well-known sources, the thorough organization of this information poses a serious threat to those whose credentials have been revealed.

Threat actors may utilize the personal information of impacted individuals to construct well-designed phishing operations.

Source: https://securityaffairs.com/151566/security/darkbeam-data-leak.html

TPRM report: https://scoringcyber.rankiteo.com/company/darkbeam

"id": "dar02321023",
"linkid": "darkbeam",
"type": "Data Leak",
"date": "09/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Digital Risk Management',
                        'name': 'DarkBeam',
                        'type': 'Company'}],
 'attack_vector': 'Open Elasticsearch and Kibana Interface',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['User emails', 'Passwords']},
 'description': 'DarkBeam exposed records containing user emails and passwords '
                'from both previously disclosed and unreported data breaches '
                'by leaving an Elasticsearch and Kibana interface open.',
 'impact': {'data_compromised': ['User emails', 'Passwords'],
            'systems_affected': ['Elasticsearch', 'Kibana']},
 'title': 'DarkBeam Data Exposure Incident',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Misconfigured Elasticsearch and Kibana'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.