Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » IT Giant HCL Exposed Employee Passwords and Customer Project Details Online

IT Giant HCL Exposed Employee Passwords and Customer Project Details Online

  • Multiple subdomains operated by HCL were found to be publicly exposed.
  • The sensitive data exposed includes personal information and plaintext passwords for new hires, customer reports, and dashboards for managing personnel.

Indian IT firm HCL has come under the scanner after it left sensitive information such as employee passwords, as well as certain customer details out in the open. The alarming discovery was made by a security researcher from UpGuard.

The researcher found that sensitive information did not have any authentication measures and was publicly available. Upon being informed by the researcher, the technology service provider took down the exposed data.

What happened?

Multiple subdomains of HCL were found spilling sensitive information. Initially, a single file containing customer keywords was found to be openly available for download from an HCL-owned domain. Subsequent searches on this domain led to the discovery of other publicly accessible pages with personal and business data.

What information was exposed?

One of the exposed subdomains contained a webpage with a dashboard for HR-related tasks. This dashboard contained records of 364 new employees. It included “candidate ID, name, mobile number, joining date, joining location, recruiter SAP code, recruiter name, created date, user name, cleartext password, BGV status, offer accepted, and a link to the candidate form.” Another page exposed names and SAP codes of more than 2,800 employees.

HCL’s “SmartManage” reporting system was also exposing confidential reports through its interface. This included ‘Internal Analysis Reports’, ‘Weekly Customer Reports’ and ‘Installation Reports’ that were related to HCL’s clients.

Another page displayed the names, email address, and mobile phone numbers for fifteen cab hubs and seven bus hubs. In addition, a system known as “Smart Recruit” showed details of approvers in the hiring process.

Response from HCL

UpGuard observed that HCL remediated the data exposure quickly when it informed the firm. “HCL has a Data Protection Officer, which not all companies do. The existence of that role is clearly advertised, and an email address for contacting them easy to find. Though HCL never responded to UpGuard, they took action immediately on notification,

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket