An Indian startup focusing on artificial intelligence (AI) solutions leaked sensitive corporate data, including extensive information about its projects and employees.
The Cybernews research team has discovered an open database belonging to Brane Group-owned Indian startup NSLHub. According to its website, NSLHub “is a one-stop shop for all vertical, horizontal, and support business solutions” committed to “realizing artificial general intelligence by 2025.”
The open database contained extensive information about the company. It had 221 employee information entries, including names, emails, and passwords. The latter were stored in what seems to be Base64 encoding – this is used for convenient data storing but does nothing to protect passwords.
The company was also leaking over 10,000 records of emails and their contents that included employees’ daily task descriptions and performance reports.
The dataset, which was closed after we reported it to the company, also contained nearly 2,000 item order requests with details about projects they were used for and their prices.
Moreover, the leaky dataset had records of authentication logs for some internal tools, including employee emails, login timestamps, links to the tools, and employee internal protocol (IP) addresses.
The Cybernews research team considers the leaked database highly sensitive, since threat actors could access confidential information including company projects, their progress, and tools needed for specific projects.
Full article on https://cybernews.com/security/ai-startup-leak-employee-secrets/
#NLSHub #India #AI #database #data #leak #yokdata #blog