idverse

idverse

Sensitive credentials were exposed by a digital identification tool that OCR Labs offered to large banks and government organizations, seriously endangering the safety of its customers.

Threat actors might compromise banks' backend infrastructure and, as a result, the infrastructure of their customers using disclosed data.

Cybercriminals' primary focus is on financial services, posing a serious threat to businesses and their clients.

The Cybernews investigation team identified the OCR Labs system's misconfiguration that exposed private information.

Source: https://securityaffairs.com/144514/data-breach/ocr-labs-data-leak.html

TPRM report: https://scoringcyber.rankiteo.com/company/idverse

"id": "idv31921023",
"linkid": "idverse",
"type": "Data Leak",
"date": "04/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': ['Large Banks',
                                               'Government Organizations'],
                        'industry': 'Technology',
                        'name': 'OCR Labs',
                        'type': 'Company'}],
 'attack_vector': 'Misconfiguration',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Sensitive Credentials',
                                              'Private Information']},
 'description': 'Sensitive credentials were exposed by a digital '
                'identification tool that OCR Labs offered to large banks and '
                'government organizations, seriously endangering the safety of '
                "its customers. Threat actors might compromise banks' backend "
                'infrastructure and, as a result, the infrastructure of their '
                "customers using disclosed data. Cybercriminals' primary focus "
                'is on financial services, posing a serious threat to '
                'businesses and their clients. The Cybernews investigation '
                "team identified the OCR Labs system's misconfiguration that "
                'exposed private information.',
 'impact': {'data_compromised': ['Sensitive Credentials',
                                 'Private Information'],
            'systems_affected': ['Digital Identification Tool',
                                 'Backend Infrastructure of Banks and Their '
                                 'Customers']},
 'initial_access_broker': {'entry_point': 'Misconfigured System',
                           'high_value_targets': ['Large Banks',
                                                  'Government Organizations']},
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'root_causes': 'System Misconfiguration'},
 'references': [{'source': 'Cybernews Investigation Team'}],
 'title': 'OCR Labs Credential Exposure Incident',
 'type': 'Data Breach',
 'vulnerability_exploited': 'System Misconfiguration'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.