10,000 email addresses reportedly exposed in massive data leak

Privileged information revealed from 900 organisations including Dell, Verizon, according to reports

10,000 email addresses reportedly exposed in massive data leak

Around 10,000 email addresses belonging to 900 organisations have been reportedly exposed online following an alleged data leak from an office application based in the United States.

Cybernews reported that its researchers found a "publicly accessible web directory" that belonged to organisation Simpli, which offers an application that allows employees of companies renting office space to view stores in the same building.

According to the report, the web directory exposed around 10,000 email addresses of employees and hashed passwords from around 900 organisations. Some of the affected businesses include major firms such as Dell, Verizon, Comcast, AT&T, and the National Council on Disability.

Aras Nazarovas, an information security researcher at Cybernews, warned that the passwords "could still be cracked" despite the employee credentials being stored in a "relatively secure format."

"If the employee uses the same password for multiple accounts, the cracked password could be used to log into other, more sensitive, work-related endpoints," Nazarovas said in the report.

More sensitive information potentially exposed

In addition to email and passwords, the data leak also exposed orders made through the application, which contained potentially sensitive operational information.

According to the researchers, the information includes details about meetings between individuals from different firms and the purposes of the meetings.

Cybernews said the web directory stored backups of the company's website and Simpli app database that were made in January 2024. It believes that the open directory was likely exposed when the company was migrating its system from Drupal 7 to Drupal 9.

The news outlet has posted screenshots of the information that were exposed online, including the list of buildings and tenants, as well as user credentials. Simpli has yet to comment on the massive data leak.

Recent articles & video

Over half of C-suite executives expect more deepfake financial fraud: Deloitte

Following employee’s death, Bank of America introduces timekeeping tool

Breaking the rules: Younger employees more comfortable with it to 'get the job done'

Amazon orders full office return starting January 2025

Most Read Articles

Samsung to slash global workforce by up to 30%: sources

Employers’ reliance on AI during hiring may turn off top talent, report warns

Volkswagen cancels employment guarantees at German plants: reports