DK-Lok data breach exposes global enterprise client data, internal emails

Requests to plug the leaking database were trashed - information ironically revealed through the exposed system.

Perhaps, one day, the continual stream of data leaks and cybersecurity breaches stemming from open databases will make organizations sit up, take notice, check their IT infrastructure, and resolve any security problems they find. 

Today is not that day, it seems, for DK-Lok, the latest entry in a long list of companies that have left their private emails and communications available for the world to see.

On Thursday, cybersecurity firm vpnMentor publicly revealed the existence of an open database belonging to the South Korean industrial manufacturer. 

The database was discovered during vpnMentor's web mapping project, in which port scanning is used to find online systems without any form of authentication or access restrictions in place.

DK-Lok is an industrial supplier of goods including fittings, pipes, valves, and semiconductor regulators. The company supports a global customer base and has established sales offices & distributors across the US, Europe, and beyond. 

An email platform found by the researchers, led by Noam Rotem and Ran Locar, revealed DK-Lok's internal and external communications records. It is possible to read emails sent between staff and their clients, as well as a selection of private emails routed through the platform. Personal messages received on work addresses include online e-commerce order notes, newsletters, and emails sent by hotel operators.

ZDNet verified the existence of the database, which remains open at the time of writing. 

Many of the emails were marked "private" and "confidential." The organization is exposing emails relating to its operations, products, and clients -- including product bids, quotes, travel details, and private conversations, all of which could have inherent value to competitors. 

Alongside emails, full client and staff names, telephone numbers, and user IDs have also become exposed.

It is not just the manufacturer that is embroiled in the data leak. Client communications and information, too, are involved, spanning from the US and South Korea to New Zealand, South Africa, and Australia, among other countries. One entry, as shown below with redacted information, appears to relate to an email sent by the Australian government.

screenshot-2019-09-04-at-13-53-01.png

On the grounds of ethics, it is not known exactly how many external companies have been involved in the breach, as finding out would require a deep-dive into the available data. 

However, vpnMentor told ZDNet that at least 1,500 ".co.uk" email addresses were leaked, which may indicate how many British companies -- at least, those not using ".com" email addresses -- have been unwittingly involved. As this figure relates to the UK alone, the number of those impacted worldwide could be many thousands. 

"This data breach has many negative implications for DK-Lok," the researchers say. "The most obvious is the reputational damage caused to the company. Aside from the internal emails found in the leak, DK-Lok clients would also be concerned to learn their emails were also exposed and visible."

VpnMentor and ZDNet first reached out to DK-Lok on 21 August following the discovery of the open database. Over the course of several weeks, numerous attempts were made over phone and email asking for DK-Lok to respond and remove access to the open system. 

Emails sent to the company to inform them of the leak, ironically, are also viewable -- as well as indicators that at least one email sent by ZDNet was placed in the trash bin. In a final bid over the phone, once the situation was explained, the company cut off the call. 

DK-Lok has yet to acknowledge the security issue or the researchers' findings. 

Back in May, vpnMentor researchers stumbled across an unsecured database belonging to Pyramid Hotel Group. The open database exposed 85GB in security logs impacting 96 locations. 
