Southern Water

Southern Water, the British supplier of the liquid of life, botched its internal SharePoint.

They had set up SharePoint to host customer information as a “your account” style section of their website, which exposed URLs that could be tweaked to view other people’s account information.

A vulnerability in this management area allowed any logged-in customer to view bills and documents from other customers, as well as retrieve authentication tokens which allowed for direct API access to their internal billing SharePoint site.

Compromised data included customers’ full names, addresses, customer account numbers, payment reference numbers, bill and payment dates, account balances, payment amounts, bill amounts, meter details, and meter readings.

Source: https://www.theregister.com/2020/08/28/southern_water_sharepoint_shenanigans/

TPRM report: https://scoringcyber.rankiteo.com/company/southern-water

"id": "sou232226123",
"linkid": "southern-water",
"type": "Vulnerability",
"date": "08/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Water Supply',
                        'location': 'United Kingdom',
                        'name': 'Southern Water',
                        'type': 'Utility'}],
 'attack_vector': 'Insecure Direct Object References (IDOR)',
 'data_breach': {'personally_identifiable_information': ['Customer full name',
                                                         'Address'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Customer full name',
                                              'Address',
                                              'Customer account number',
                                              'Payment reference number',
                                              'Bill and payment dates',
                                              'Account balance',
                                              'Payment amount',
                                              'Bill amount',
                                              'Meter details',
                                              'Meter readings']},
 'description': "A vulnerability in Southern Water's SharePoint management "
                'area allowed any logged-in customer to view bills and '
                'documents from other customers, as well as retrieve '
                'authentication tokens which allowed for direct API access to '
                'their internal billing SharePoint site.',
 'impact': {'data_compromised': ['Customer full name',
                                 'Address',
                                 'Customer account number',
                                 'Payment reference number',
                                 'Bill and payment dates',
                                 'Account balance',
                                 'Payment amount',
                                 'Bill amount',
                                 'Meter details',
                                 'Meter readings'],
            'systems_affected': ['SharePoint', 'API']},
 'title': 'Southern Water SharePoint Data Exposure',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Improper Access Control in SharePoint'}