Researchers from UpGuard found a database that contains HCL employee data, internal reports and project information.

Researchers Found Exposed Database Containing HCL Employee Passwords, Client Management Record, And Internal Reports

HCL has exposed employee and project data in an unprotected database. Photo: Mike MacKenzie | Flickr | CC BY 2.0

HCL, a notable IT services company, left a database online containing identifiable and sensitive data about its employees, available for download from an HCL-linked domain, cybersecurity research organization UpGuard revealed.

The discovery was made on May 1st, 2019. The publicly exposed data included personal information and plaintext passwords of new hires, reports on installations of customer infrastructure, and a web application for managing personnel. Following the disclosure to HCL, the company made the exposed database inaccessible and secured the known data exposures.

“On May 6, after reaching a reasonably complete level of analysis of the public pages and data, the researcher sent a notification to HCL’s Data Protection Officer at privacy@hcl.com. That notification included links to five subdomains hosting pages with some kind of business information and two URLs for pages as examples of what could be found on those subdomains. On May 7, the analyst confirmed that those two pages could no longer be accessed without authentication but that pages on the other subdomains were still accessible. The analyst sent a followup email linking to other pages with HCL data, and on the next day, May 8, the analyst confirmed that those pages were also no longer accessible to anonymous users,” said the announcement from UpGuard.

UpGuard says the accessible data took days of work to locate because it was spread across multiple subdomains and had to be accessed through a web UI. One of the accessible subdomains located by the researchers contained pages for various HR administrative tasks. While not all pages in the subdomain were accessible, the team said that the subdomain allowed anonymous access to substantial amounts of personal information, “some of it very recent.”

A dashboard for new hires included records for 364 personnel. The oldest was from 2013, but over two hundred records were from 2019. Fifty-four of the records were for people who joined on May 6, 2019. The exposed data included candidate ID, name, mobile number, joining date, joining location, recruiter SAP code, recruiter name, created date, user name, cleartext password, BGV status, offer accepted, and a link to the candidate form.

A redacted sample of records for employees who joined in 2019. Photo: UpGuard

“Among those data points, the most obvious risk is that the passwords could be used to access other HCL systems to which these employees would be given access,” the post reads.

HCL Technologies Limited (Hindustan Computers Limited) is an Indian multinational information technology (IT) service and consulting company headquartered in Noida, Uttar Pradesh. It is a subsidiary of HCL Enterprise. Originally a research and development division of HCL, it emerged as an independent company in 1991 when HCL ventured into the software services business. The company offers a vast tech-related product portfolio from software development to cybersecurity, to Infrastructure Management and Engineering. They also provide IoT and cloud services.

The exposure also touched HCL’s relationships with its clients, as customer installation reports were accessible online to anonymous users.

“The ASP framework used on this site had a security feature that prevents requests from being submitted if they are not from the UI. This prevents the alteration of requests to go beyond the scope of what the user is authorized to access. Because the UI was fully available to anonymous users, this did not protect the data but did prevent bulk downloading of all data by calling the APIs directly. None of the data here included credentials, but there were substantial amounts of information about HCL projects.”

Screenshot of the report index. Photo: UpGuard

Internal analysis reports were also exposed, including a detailed incident report covering 5700 incidents with the following labels: VSAT ID, Location, ATM ID, Start time, End time, Duration, Reason, and Description. The “Service Window Uptime Report” includes VSAT ID, Consignee, City, Accountable Uptime, Comnet Issue, Non-HCL Comnet, Customer issue, Uptime. There were 450 records for April of 2019, 450 records for January of 2019, and 521 records for January 2018, matching the regularity one would expect from some kind of standard monthly report.

Other data the researchers could access anonymously included the company’s Weekly Customer Reports, Installation Reports, an escalation matrix for a transportation service, and an administrative panel for the recruiting approval chain.

A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama. I also own a cybersecurity blog called Zero Day.

‘Mahmee’ is a startup that wants to help new mothers through an app

Photo: Mahmee website

Mahmee aims to help new mothers to safeguard their health through an app that connects them to healthcare services and other resources to help women — especially women of color — prevent post emotional and physical health complications.

Founded in 2014, Mahmee is a HIPAA-secure care management platform that makes it easy for payers, providers, and patients to coordinate comprehensive prenatal and postpartum healthcare from anywhere.

The United States has one of the worst maternal death rates in the developed world, with thousands of women, especially women of color, experiencing pregnancy-related complications just before or in the year after childbirth. Maternity-related deaths in the U.S. reach 700 every year, the Centers for Disease Control and Prevention said.

This is why Melissa Hanna, CEO and a co-founder of Mahmee, along with her mother, Linda Hanna, started the business to help women get better access to postpartum and prenatal healthcare. Linda Hanna is a long-time nurse and lactation consultant who has seen the reality of maternal health in the country first-hand, which contributed to their drive to start the business.

“We believe that comprehensive maternal healthcare is ongoing education and support that addresses the unique intersection of the physical and emotional aspects of pregnancy, postpartum and parenthood, as each individual experiences them,” reads the website of Mahmee.

The service the startup is offering includes an app that connects new mothers to doctors, health care professionals, and motherhood experts. Mothers can sign up on their own and get access to a team of experts, including maternity coaches, nutritionists, and lactation coaches. If their healthcare professional also has an account in the app, the patient and the healthcare professional can share information with each other through the app.

In 2019, the app already has more than 1,000 providers and organizations in its network. In July, the app received $3 million in new funding to grow its team. A huge portion of the new funding comes from the tennis superstar, Serena Williams, who last year shared her horrifying near-death experience after she gave birth to her daughter.

“The idea for Mahmee came about from watching my mom work in this field for years and years and realizing that there was a limited set of tools available to professionals like herself to create the impact that she wanted to have on mothers’ and babies’ lives,” said Melissa Hanna, CEO of Mahmee.

“And after watching her build out very successful programs for hospitals and health systems and all sorts of different experiences in the inpatient setting, we started talking about what could be done in the outpatient setting when patients are home with their families,” she added.

Melissa said in an interview that through the years, Mahmee has been helping new mothers who are experiencing prenatal anxiety and supporting them in preparing for their childbirth experience in the hospital. Some of those that they have helped experience postpartum bleeding and depression.

“In the past 12 months, we’ve had patients who’ve experienced severe blood loss and postpartum hemorrhaging. We’ve worked with families and with mothers that are experiencing prenatal anxiety and supporting them in preparing for their childbirth experience in the hospital. There have been patients who have experienced postpartum depression; in some cases, some very severe postpartum psychosis symptoms,” she said.

Furthermore, Melissa echoed the problem and how black women are the most affected by it. She said that there is a discrepancy on how black mothers and infants are being taken care of in the hospital.

“What we’re seeing now is the crisis of maternity and infant health care come to the surface because the stats around black mother and black infant mortality and morbidity are so inexcusable. There’s a huge discrepancy in how patients are cared for,” she added.

Melissa said that Mahmee also practices what is called “culturally competent care,” where “from day one our team is getting trained on how to listen to families’ concerns actively, and specifically to read between the lines of the things that are being shared by new mothers.”

In the end, Melissa and her mom only hoped for a future where new mothers are safe and well taken care of – no matter what color their skin is. And they hope that Mahmee, as an app, can democratize access to necessary healthcare attention to every mother in the United States.

TuSimple self-driving trucks is the future of cargo delivery

Photo: TuSimple website

Self-driving trucks have been delivering cargo and mail inside Arizona without most people knowing: UPS announced only this week that it has been using TuSimple, a self-driving car startup, to move cargo around the state for quite some time.

The announcement comes with the disclosure that UPS has also made a funding venture to help the startup. Since May, TuSimple autonomous trucks have been hauling UPS loads on a 115-mile route between Phoenix and Tucson.

The shipping and cargo company confirms that this is the first time that it has used TuSimple’s autonomous trucks to deliver mail across the state.

TuSimple is a shipping and cargo startup that prides itself on autonomous and self-driving trucks, which, according to its website, would cut the average cost of shipping in a tractor-trailer by 30 percent. “Our proprietary AI is capable of long-distance highway driving, and complex surface street driving – enabling fully autonomous deliveries from one depot to another,” reads TuSimple’s website.

They also advertise that they have road-safe autonomous trucks designed with an AI that is trained to respond to road incidents in the shortest possible time.

“At highway speeds, 1000 meters provides 35 seconds of time to react, enabling the system to make the safest and most efficient driving decisions,” reads the startup’s website. “Our perception system is designed to identify objects and obstacles, even in adverse weather conditions.”

The promising pitch of the startup has awakened the interest of huge shipping and cargo companies like UPS. In an announcement about their funding for the startup, UPS Ventures managing partner, Todd Lewis, said the venture arm “collaborates with startups to explore new technologies and tailor them to help meet our specific needs.”

The startup is also what shipping companies are looking at as a solution to the declining number of truck drivers in the United States.

“Long-haul routes with short turnaround times, such as this 22-hour journey, are well suited for self-driving trucks because they are normally accomplished with driving teams of two. Driving teams are challenging to recruit due to overnight driving requirements, the need to share close quarters with another person and a significant truck driver shortage,” said TuSimple in a press release.

In the partnership announcement from UPS, the shipping giant said that TuSimple has been helping it understand how to get to Level 4 autonomous driving, where a vehicle is fully autonomous and able to reach a particular location. Right now, the TuSimple self-driving trucks still have an engineer and a safety driver riding along on each trip, but UPS is hopeful that with the help of the startup and the backing of huge shipping companies, it will be able to find a way to automate its delivery trucks fully.

Right around the time that UPS announced its partnership with TuSimple, the same deal was made between the startup and the United States Postal Service (USPS) to have a two-week pilot operation to deliver mail between Phoenix and Dallas, a 1,000-mile trip.

The pilot operation with USPS will involve five round trips totaling over 2,100 miles, estimated at about 45 hours of driving, and will pass through major interstates spanning Arizona, New Mexico, and Texas.

The partnership with huge shipping companies could help the San Diego-based startup be more commercialized, the founder said. “Performing for the USPS on this pilot in this particular commercial corridor gives us specific use cases to help us validate our system, and expedite the technological development and commercialization progress,” Dr. Xiaodi Hou, TuSimple’s founder, said in a statement.

“It is exciting to think that before many people ride in a robo-taxi, their mail and packages may be carried in a self-driving truck,” added Dr. Xiaodi Hou.

The startup aims to be the pioneer in providing autonomous trucks to serve shipping companies in the U.S., and it aims to boost the shipping industry as well.

“TuSimple is aiming to boost the $800-billion U.S. trucking industry by increasing safety, reducing carbon emissions and transportation costs, and optimizing logistics for fleet operators. With a 1000 meter vision range, TuSimple autonomous trucks are safer because they can see more and react faster than humans – rain or shine, day or night,” reads a press release.

Alibaba’s Joe Tsai buying Brooklyn Nets and Barclays Center for $3.5 billion

Joe Tsai buys Brooklyn Nets and Barclays Center. Photo: RISE | Flickr | CC BY 2.0

Joe Tsai is reportedly buying the Brooklyn Nets and the Barclays Center for around $3.5 billion. The agreement could be announced as soon as Friday.

The Taiwan-born Tsai is among the 18 co-founders of Alibaba. He currently sits as the executive vice-chairman of the company. Forbes estimates his worth to be around $9.9 billion. He is Alibaba’s second-largest shareholder after Jack Ma. The Yale-educated businessman is presumed to take on an even bigger role once Ma steps down from Alibaba. 

The deal would give Tsai control of the Brooklyn Nets. In May 2018, Tsai was able to buy 49% of the Brooklyn Nets from Mikhail Prokhorov for $1 billion.  

Upon closing the deal last year, Prokhorov welcomed Tsai into the organization and said: “We are excited to have Joe as a partner. He brings tremendous global experience, a passion for basketball, and shares our vision for the development of the Nets.”

In last year’s deal, Tsai was given the option to buy the remaining stake of the team in 2021. However, it seems that the deal would be coming earlier than expected. Prokhorov currently owns 59% of the basketball franchise.

If the deal between Tsai and Prokhorov is finalized, this would give the former full ownership of the team, two seasons earlier than anticipated. With the team’s valuation of $2.35 billion, this deal would make it the highest price ever paid for a sports team franchise in history.

The current record is held by David Tepper and Tilman Fertitta. Tepper bought the NFL’s Carolina Panthers in 2018 for $2.2 billion. In 2017, the owner of multi-brand corporation Landry’s, Fertitta bought the Houston Rockets for the same amount.  

The ownership of the Brooklyn Nets is not the only deal that Tsai is reportedly making with Prokhorov. In a separate deal, Prokhorov is selling his stakes in the Barclays Center to Tsai. The arena is where the Nets play during their home games. This follows the NBA’s preference for the team and the arena where they play to be under one ownership. If both deals are combined, it would amount to a record-breaking $3.5 billion.

Joe Tsai is no stranger to sports team ownership. Before buying his stake in the Nets, Tsai bought a box lacrosse team, the San Diego Seals. In January 2019, he headed a group that bought the WNBA’s New York Liberty from The Madison Square Company. A month after, Tsai joined The Raine Group and The Chernin Group in investing in a new lacrosse league, the Premier Lacrosse League.

The Nets deal would make Tsai the eighth richest sports team owner in the world. In the NBA, he becomes second only to the owner of the Los Angeles Clippers, Steve Ballmer.

The change in the principal owner of the Brooklyn Nets comes after the team’s good run in the NBA last season. The team made it to the playoffs for the first time in four years.  

Before the new NBA season starts, the Brooklyn Nets have already gotten the services of two free agents — Kyrie Irving and Kevin Durant.  With the addition of the pair to the team roster, attendance is expected to increase. Last season, the Nets ranked 14th in terms of attendance with an average 14,941 per game. 

While Tsai’s takeover of the Nets is still subject to approval by the NBA, this move is seen as positive and beneficial for the league. The NBA is currently growing at a rapid speed in China. In addition, Joe Tsai is part of NBA China’s board. NBA China conducts the league’s business in the country.

With the NBA’s growth in the country, it has become such a massive business. The NBA has become China’s most popular sports league. With its growing fanbase, the NBA has also expanded its reach by opening NBA stores in China. In April of this year, the NBA opened its biggest official store outside of North America in Beijing.

Dubbed as the “Joe Tsai effect,” the Brooklyn Nets will be joining the Los Angeles Lakers in the 13th edition of the NBA China Games. The two teams will play two preseason games in Shanghai and Shenzhen in October.
