Commentary

Hackers Take All: Manufacturing Firm's Data Is Wide Open, Researchers Say

Most observers have become inured to news of data breaches. But here is one that should bother anyone who is interested in maintaining corporate integrity. 

DKLOK, a pipe, valve and fitting manufacturer based in South Korea, is wide open to anyone who wants to know anything about it, according to vpnMentor, a self-described ethical hacking group that discovered the lack of email protection and encryption during a large web-mapping project. The data includes (and we quote): 

  • Product prices and quotes
  • Project bids
  • Travel arrangements
  • Private conversations
  • Discussions on suppliers, clients, projects, internal operations
  • Full names of employees and clients
  • Internal email addresses from various international DKLOK branches
  • Employee/User IDs
  • External/client email addresses, full names, phone numbers
  • Personal emails received on work email addresses (Alibaba orders, newsletters, Starwood hotels, spam/junk mail for viagra and hair growth products)
  • Professional events and conventions attended by DKLOK employees.

Yikes -- better look to your DMARC and other protections.

VpnMentor disclosed the leak in a blog item this week. Its research team, led by Noam Rotem and Ran Locar, was able to view confidential email communications within DKLOK. And perhaps to their own amusement, they saw emails they themselves had sent to the firm (that it never answered).

“The most absurd part is that we not only know that they received an email from one of the journalists we work with, alerting them to the leak in this report, but we know they trashed it,” they write.

MediaPost was unable to independently verify these findings. But if they are accurate as presented, they could have major consequences. 

The firm operates in Iran, Germany, Australia, Israel, Russia, South Korea, USA, France, Turkey, New Zealand, Italy, Canada, Egypt, Portugal, Jordan, South Africa and Brazil. That’s scary enough. 

VpnMentor strongly advises DKLOK to “review your security protocols internally and those of any 3rd party apps and contractors you use. Make sure that any online platform you integrate into your operations follows the strictest data security guidelines.” 

And for clients? They are advised simply to contact DKLOK.
