- Security researchers uncover a massive repository with more than 3 million records
- It belongs to Builder.ai, a low-code/no-code platform
- It contains sensitive information, confidentiality agreements, etc.
Researchers claim that Builder.ai may have unintentionally exposed sensitive information of millions of users.
Jeremiah Fowler, a security researcher known for finding non-password-protected databases containing sensitive information, said he discovered an archive containing more than 3 million records.
The repository belongs to Builder.ai, a UK-based no-code/low-code platform that enables businesses to quickly and affordably create custom software applications without the need for deep technical expertise.
Depends on the complexity of the system
Fowler said the database contains 3,077,542 records totaling 1.29TB, including cost proposals, confidentiality agreements, invoices, tax documents, screenshots of email communications, internal video files and more.
“Among the most concerning documents are two that show access and configuration details for two separate cloud storage databases, including secret access keys,” Fowler told Website Planet.
“It is hypothesized that these access keys, if they fell into the wrong hands, could expose other potentially sensitive data.”
In total, there were 337,434 invoices and 32,810 documents labeled Master Services Agreements. The latter also includes a confidentiality agreement that includes name, email, IP address, project cost summary and other project details.
Fowler disclosed his findings to Builder.ai, but a month later, the company still hasn’t been able to lock down the repository, citing “the complexities of the dependent system,” and it’s unclear whether the repository is still open and accessible.
Database configuration errors remain one of the top causes of online data breaches. Many researchers warn that organizations don’t understand the shared security model that exists in most cloud services. The result is a vast repository filled with valuable information that is open and accessible to all.
If cybercriminals find these files, they can use the information within to stage phishing attacks, identity theft, and possibly even wire transfer fraud.