Cyber News recently discovered that a user on a popular hacking forum was purportedly selling the stolen credentials from 6 South American countries for the Swiss-based Adecco Group, the second largest human resources and temp staffing provider in the world. Adecco is also a Fortune 500 Global company.
The database for sale contained 5 million records and covers six Latin American/South American countries.
Soon after the post was published, it was taken down by the author. This appears to be the same threat actor behind the recent VPN leaks.
We reached out to Adecco to verify that the data belonged to them, but they have not responded yet.
Adecco has suffered a data breach in the past. In August 2019, Adecco Group informed Belgium’s privacy regulator that the biometric data of roughly 2,000 of the employees for its Belgian unit had been compromised due to a breach of Suprema ID Inc., which had supplied biometric services for Adecco.
The database appears to have been left open to the public with weak credentials. The year for this database is listed as 2021.
The database was Apache Cassandra, which is a free and open-source database management system, with default credentials – a very poor security practice.
It is unclear at the moment why the post was removed by the author. One likely scenario is that the database was sold quickly.
Full article on https://cybernews.com/security/5-million-adecco-com-users-data-leaked/
#adecco #dataleak #latinamerica #swiss #yokdata #blog