Report: Data Exposure discovered at EventBuilder, the Global Specialists in Webinar Conference Planning
Table of contents
- Data Exposure discovered at EventBuilder
- Company Profile
- Data Exposure Summary
- Information Included in the Data Leak
- Expert Advice
Clario worked with independent cybersecurity researcher Bob Diachenko to uncover and responsibly report the incident described below.
Data Exposure discovered at EventBuilder
The data exposure, discovered using the Grayhat Warfare search engine, involved potentially hundreds of thousands of files containing sensitive information relating to event registrants. The investigation was led by the team at the Clario research center and highlighted how thousands of large CSV/JSON files with Microsoft events registrants' details and summaries had been exposed to potential hackers worldwide. This put EventBuilder in the unenviable position of being part of an elite but particularly vulnerable club.
Company Profile
EventBuilder provides a suite of webinar tools and professional services that are intended to work seamlessly with Microsoft Teams, Teams Live Events, and Skype for Business. The idea is to extend their functionality by providing registration pages, security, cloud recording, and reporting, to mention just a few of the available services. In a nutshell, they cover event logistics so the client can focus on the content.
The data was stored on Microsoft Azure Blob Storage, Microsoft’s object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data (data that doesn’t adhere to a particular data model or definition, such as text or binary data).
| Timeline of Events | |
|---|---|
| Data Leak Discovered | June 10th, 2021 |
| Reported On | June 10th, 2021 |
| Was the issue addressed? | Yes |
| Comment provided by EventBuilder? | No |
Data Exposure Summary
As mentioned above, the EventBuilder platform is widely used by Microsoft and integrated with their Teams solution. The storage in question was supposed to be partially public, to host recorded sessions for link-only access. However, for some reason, the webinar organizers were putting registrant information into the blob. This meant the registrant information was open to indexing by a public bucket search engine (Grayhat Warfare), compromising registrants' personal information and potentially putting them in danger of being targeted by hackers from across the globe.
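A defensive check for the failure described above, added here as an example and not taken from the original report or from EventBuilder: it audits a storage inventory for containers that allow anonymous access and for files that do not belong in a container meant only for recordings. The inventory shape, container names, blob names and the allowed-extension policy are all constructed assumptions.

```python
import json
from pathlib import PurePosixPath

# Constructed inventory (not data from the incident). The shape is an
# assumption: container name, anonymous access level, and blob names.
SAMPLE_INVENTORY = json.loads("""
[
  {"name": "recordings", "publicAccess": "container",
   "blobs": ["2021/session-01.mp4", "2021/registrants-session-01.csv",
             "2021/summary-session-01.json"]},
  {"name": "thumbnails", "publicAccess": "blob", "blobs": ["s01.png"]},
  {"name": "reports", "publicAccess": null, "blobs": ["registrants.csv"]}
]
""")

# Hypothetical policy: the only file types expected in a public container.
ALLOWED_PUBLIC_EXTENSIONS = {".mp4", ".webm", ".png", ".jpg"}


def audit(inventory, allowed=ALLOWED_PUBLIC_EXTENSIONS):
    """Return (container, finding, detail) tuples for public containers.

    Azure Blob Storage has two anonymous access levels: "blob" (read a blob
    if you know its URL) and "container" (read plus list every blob, which
    is what lets a bucket search engine index the contents).
    """
    findings = []
    for container in inventory:
        level = container.get("publicAccess")
        if level not in ("blob", "container"):
            continue  # private container: anonymous requests are rejected
        if level == "container":
            findings.append(
                (container["name"], "LISTABLE", "anonymous listing enabled"))
        for blob in container.get("blobs", []):
            # Anything outside the media allow-list should not be public.
            if PurePosixPath(blob).suffix.lower() not in allowed:
                findings.append((container["name"], "UNEXPECTED_FILE", blob))
    return findings


if __name__ == "__main__":
    for name, kind, detail in audit(SAMPLE_INVENTORY):
        print(f"{name}: {kind}: {detail}")
```

Run on a schedule against a real inventory export, any `UNEXPECTED_FILE` finding in a public container is a signal to move the file to private storage and review how it got there.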
Information Included in the Data Leak
Thousands of large CSV/JSON files with Microsoft events registrants' details and summaries, including:
- Full names
- Email addresses
- Company names and position in the company
- Phone numbers
- Questionnaires answered
The estimated number of records leaked is unknown, but based on the exposed file sizes, it could run into the hundreds of thousands.
The screenshots below show examples of the leaked data — this has been redacted for the purpose of protecting registrants.
As can be seen, this was a serious leak of sensitive data, containing information that is potentially lucrative to any unfriendly hackers who may have gained access to it.
Expert Advice
Was this a preventable data exposure? Undoubtedly! Online security is not a luxury in this day and age, but a necessity. Any company can avoid finding itself in this dangerous situation by following some essential, but really quite simple, security measures:
- Make sure you implement proper access rules and only allow authorized personnel to access any sensitive information
- If a system doesn’t require authentication, never leave it open to the internet
- Don't ignore your corporate desktop and mobile security hygiene
With Clario protection, you’re always safe. It allows you to:
- Guard your online identity from theft with 24/7 data breach monitoring
- Safeguard your browsing by encrypting any data you send online with a VPN — this allows you to browse on public Wi-Fi risk-free
- Detect and remove security threats with 24/7 virus protection
- Browse without interruption by blocking spying trackers.
Please check out the Clario website for further information on how Clario can cover all your privacy requirements.