Carding
Professional
- Messages
- 2,870
- Reaction score
- 2,494
- Points
- 113
The US National Security Council (NSC) has committed an unprecedented leak that has exposed the credentials of 2,000 companies, including government agencies and large corporations, to the public since January. This was reported by Cybernews researchers.
The non-profit organization NSC provides security education. Its website has nearly 55,000 registered users.
Cybernews experts discovered a platform subdomain that was allegedly used during development. It published a list of all online directories, allowing access to most of the server's files, including a database backup with user emails and hashed passwords.
Data: Cybernews.
The Ministry of Justice, the US Navy, the FBI, the Pentagon, NASA, Shell Corporation, BP, Intel, IBM, AMD, Boeing, Pfizer, Ford, Toyota, Volkswagen, Tesla, Amazon, Coca Cola and many others are among the victims.
The data has been publicly available for five months since IoT search engines first indexed the leak on January 31, 2023. NSC fixed the issue after being contacted by Cybernews.
Potentially, the leak could be used to access corporate networks in order to inject ransomware or steal internal documents.
The non-profit organization NSC provides security education. Its website has nearly 55,000 registered users.
Cybernews experts discovered a platform subdomain that was allegedly used during development. It published a list of all online directories, allowing access to most of the server's files, including a database backup with user emails and hashed passwords.
Data: Cybernews.
The Ministry of Justice, the US Navy, the FBI, the Pentagon, NASA, Shell Corporation, BP, Intel, IBM, AMD, Boeing, Pfizer, Ford, Toyota, Volkswagen, Tesla, Amazon, Coca Cola and many others are among the victims.
The data has been publicly available for five months since IoT search engines first indexed the leak on January 31, 2023. NSC fixed the issue after being contacted by Cybernews.
Potentially, the leak could be used to access corporate networks in order to inject ransomware or steal internal documents.
