The Connecticut-based organization lists several very well-known customers on its website. According to Cronin's website, it is a "digital-driven, result-centered marketing agency, driven by technology," with a customer focus on finance, health care and consumer goods/services. A press release issued on March 16, 2020 announced that North American Horizon Group had acquired Cronin, the largest independent full-service marketing agency in Connecticut. Its client list includes Dunkin, Lego, Henkel, Loctite and other companies.
The findings were as follows. Total size: 26.43 GB; total number of documents: 92,711,060 publicly accessible records. They contained internal logs, keywords, Google Analytics data, session IDs, customer IDs, device data and other identifying information about customer advertising campaigns, as well as login tokens and other security information. Internal cron entries listed employee usernames, emails and hashed passwords, which could be targeted by phishing attacks or used to access restricted areas of the network or password-protected records. Employee and financial records appeared in formats such as "rate", "department: number" and "department code: technology and innovation", along with other internal records. The data publicly showed where records were stored and served as a blueprint for how the service runs on the back end; it could also provide a second path for malware. IP addresses, ports, paths and storage information were exposed that could be used by cybercriminals to penetrate networks that should never have been public. The database could be opened and viewed in any browser (it was publicly accessible), and anyone could edit, download or even delete data without administrative credentials.
The downside of technology is that digital record-keeping and cloud storage also increase the risk of data incidents or exposure. For companies working in the digital field, the cybersecurity threat landscape evolves every day. Any organization that relies on technology and data as its core business must take extra measures to protect the digital records it collects and stores online. In this case, anyone with an Internet connection could access a large number of records.
I immediately sent a responsible disclosure notice to several contacts on March 6, 20265438, including those found in the records. On March 11, I noticed that the database was still open and followed up again. This time, I spoke to someone on the phone who told me that they were aware of the incident and were dealing with it. The next day, the database was secured. It is not clear how long the database had been exposed, nor who else may have had access to Cronin's records. We do not mean to imply that any Cronin employees or customers were ever at risk, but rather to highlight what we found in order to improve understanding of any potential cybersecurity vulnerabilities.
The risk of this exposure is that cybercriminals will always try to use the data they find. Knowing the inside details of a business relationship may expose employees and customers to social engineering attacks or targeted spear-phishing attempts. There may also have been enough information to take part in a man-in-the-middle (MITM) attack, in which an unauthorized third party intercepts or obtains a transaction between two parties. For example, if an invoice is due, they can see the date, the amount and whether the invoice has been paid or is still outstanding. The criminal then asks for the money to be deposited into their own account rather than the company's account. They only need to call or email and say, "We have updated our bank information, please pay your outstanding balance to the following account." They can quote invoice numbers or other internal account information that only the service provider would have. The customer has no reason to suspect anything, and the money is gone. This happens far more often than people imagine, and it is usually not reported unless the amount is too large to ignore.
The size of the digital marketing agency market in the United States alone is estimated to have reached 172 billion US dollars in 2021. Many competitors would like to know how such a business works behind the scenes. Data analysis is the secret ingredient of any company's sales success: what tools or applications do they use? What are their page views, click-through rates, sales volumes and so on? This exposure clearly showed ad placements, costs, lead-data sources and other important details.
Corporate espionage has a long history, and businesses do their best to protect the way they deliver their services. In this case, the front door was locked but the back door was open, so anyone could access a large amount of data and analytics.
As security researchers, we never download or extract the data we find. Our goal is to get exposed records secured before they are misused. This is another reminder that digital marketing and advertising agencies must take more measures to protect the data they collect and store. Having a dedicated team to manage data security is an important step. We know that not every company can afford a large security budget, but any company can easily create a communication channel for reporting data incidents, or train customer support on how to handle external data security notifications. We often see data exposures persist because key leaders are hidden behind firewalls, which makes it difficult to report incidents. This delays remediation and adds the risk that the information will be leaked or destroyed by ransomware.
We do not imply any wrongdoing by Cronin Group Holdings Limited, its partners or subsidiaries. We are not saying that clients or customers are at risk. We emphasize that our findings are intended only to raise awareness of cybersecurity best practices and data protection.