Incident

ERP firm ClickBalance leaks over 750 million records



The cybersecurity researcher Jeremiah Fowler is reporting a major data leak at ClickBalance, a prominent Mexican Enterprise Resource Planning (ERP) technology provider.

ClickBalance is a Mexican company that provides Enterprise Resource Planning (ERP) software solutions. Their cloud-based ERP system offers management of accounting, inventory and payroll processes.

Fowler identified an unprotected database containing a staggering 769 million records, which included sensitive information. The database was reported to Website Planet and subsequently secured following a responsible disclosure notice.

Exposed Data:

  • Access tokens
  • API keys
  • Secret keys
  • Bank account numbers
  • Tax identification numbers
  • 381,224 email addresses

Since access tokens and keys were exposed in plain text, they could allow unauthorized access to critical systems, risking data theft, unauthorized transactions, and service disruptions. Additionally, the more than 381,000 leaked email addresses can be used for targeted phishing attacks or sold for spam campaigns.

The total size of the exposed database was 395 GB, with the records totaling 769,333,246 entries. It's not clear how long the database was exposed or whether any unauthorized access occurred.
