cyber Breach

ENC Security

Dec 11, 2022 1 min read
ENC Security

ENC Security, a Netherlands software company, had been leaking critical business data.

It had been leaking its configuration and certificate files for more than a year.

A misconfiguration by a third-party supplier caused the issue and fixed it immediately upon notification.

The data compromised included Simple Mail Transfer Protocol (SMTP) credentials for sales channels, the single payment platform’s Adyen keys, email marketing company’s Mailchimp API keys, licensing payment API keys, HMAC message authentication codes, and public and private keys stored in .pem format.

Source: https://securityaffairs.co/wordpress/139091/data-breach/enc-security-data-leak-sony-lexar.html

TPRM report: https://scoringcyber.rankiteo.com/company/enc-security-llc

"id": "enc222421222",
"linkid": "enc-security-llc",
"type": "Breach",
"date": "11/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Software',
                        'location': 'Netherlands',
                        'name': 'ENC Security',
                        'type': 'Software Company'}],
 'attack_vector': 'Misconfiguration',
 'data_breach': {'file_types_exposed': ['.pem'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Configuration files',
                                              'Certificate files']},
 'description': 'ENC Security, a Netherlands software company, had been '
                'leaking critical business data including configuration and '
                'certificate files for more than a year due to a '
                'misconfiguration by a third-party supplier.',
 'impact': {'data_compromised': ['SMTP credentials for sales channels',
                                 'Adyen keys',
                                 'Mailchimp API keys',
                                 'Licensing payment API keys',
                                 'HMAC message authentication codes',
                                 'Public and private keys stored in .pem '
                                 'format']},
 'post_incident_analysis': {'corrective_actions': 'Fixed the misconfiguration '
                                                  'immediately upon '
                                                  'notification',
                            'root_causes': 'Misconfiguration by a third-party '
                                           'supplier'},
 'response': {'recovery_measures': 'Fixed the misconfiguration immediately '
                                   'upon notification'},
 'title': 'ENC Security Data Leak',
 'type': 'Data Leak',
 'vulnerability_exploited': 'Misconfiguration by a third-party supplier'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.