Thiscompromised the privacy of not just of the businesses involved, but also private individuals.
The implications for such a data breach are far-reaching and of major concern to all involved.
Occasionally, the affected parties deny the facts, disregarding our research or playing down its impact.
An additional dataset originated from customers making complaints appearing to be directed towards Rivalisregarding their service offer via email.
One of the databases also contained data fromSirene.fr, a public database of businesses registered in France.
The Henrri datacompromised the privacy of their clients,who would have providedsensitive financial detailsin strictest confidence.
Meanwhile,much of the job seeker data found in the “Rivalis” indices werent even provided knowingly.
Our team viewed PII belonging to people whose resumes were hosted on external recruitment sites.
They could also sell the data on the Dark Webfor further exploitation by an infinite number of criminal organizations.
They examine each hole for data being leaked.
If possible, we will also alert those affected by the breach.
Our team was able to access this database because it was completely unsecured and unencrypted.
Groupe Phosphore used an Elasticsearch database, which is ordinarily not designed for URL use.
The purpose of this web mapping project is tohelp make the internet safer for all users.
Company’s reply
A representative of Groupe Phosphore reached out to our team on November 22nd 2019.
The company responsible for data treatment is BM EST (groupe Phosphore)."
[Publication date: 25.11.2019]
just, comment on how to improve this article.
