HCL leaks confidential data, Instagram exposes the data of most popular users

22.05.2019

Back to news

HCL, India’s third-biggest IT services company, an $8 billion conglomerate with more than 100,000 staff members, exposed employee data and details of customers’ projects as well as internal analysis reports and installation reports – about 2000 clients were affected.

Passwords, IDs, names, mobile numbers of employees, including new ones and candidates, recruiters’ names, BGV statuses and SAP codes were compromised. The sensitive information could be used by offenders to pave the way into the system for more confidential data. Information might have been exploited – emails could become a phishing target. HCL’s intellectual property was displayed alongside which would give competitors some advantage.

Publicly accessible pages were detected on May 1 by a researcher, on May 6 HCL was notified, and the data was secured on May 8. The reason for such a quick response from the company is a data protection officer who HCL hired some time ago – not all companies take a specialist on board to specifically implement an information security function.

The exposure is not a typical one, it reveals data spread out across multiple subdomains whereas a common data breach usually concerns a single database or storage.

49 million Instagram users have discovered their data had been leaked.

Popular and famous accounts were affected – among the details there were phone numbers breached.

Celebrities’ and influencers’ information was exposed online and could be accessed freely.

How the data became publicly available is subject to investigation. It is to be disclosed whether a “third party improperly stored Instagram data” violating the policies.

Instagram is claimed to not have ensured a third-party is fully responsible for its share of the partnership. Instagram is to supervise its cooperators and whether they secure the data properly.

The database which got leaked belongs to Chtrbox, the social media marketing company which pays Instagram influencers so they would post sponsored content.

Private contact information and location of popular Instagram bloggers was exposed. Some celebrities state that their data was affected although they’ve never contacted Chtrbox.