Major Australian trade tool retailer Sydney Tools had more than 34 million online order records and over 5,000 employees' records leaked by an unprotected ClickHouse database, according to Cybernews.
Information exposed by the misconfigured database included not only customers' names, home addresses, email addresses, phone numbers, and ordered items but also current and former workers' names and surnames, designated branches, compensation, and targeted sales figures, an analysis from Cybernews researchers revealed. Sydney Tools has yet to secure the leaky database despite having been informed regarding the inadvertent data exposure earlier last month, said researchers, who emphasized the potential exploitation of the company's data in highly targeted cyberattacks. "Information Sydney Tools is leaking. This can aid cybercriminals in the surprisingly common crime of tool theft, as well as more standard cybercrimes such as identity theft, phishing, or spam campaigns," researchers added.
