Researchers Found Exposed Database Containing HCL Employee Passwords, Client Management Record, And Internal Reports

Researchers from UpGuard found a database that contains HCL employee data, internal reports and project information. The database is now inaccessible.

HCL has exposed employee and project data in an unprotected database. Photo: Mike MacKenzie | Flickr | CC BY 2.0

HCL, a notable IT services company, left a database online that included identifiable and sensitive data of its employees and was open for download from an HCL-linked domain, cybersecurity research organization UpGuard revealed.

The discovery was made on May 1st, 2019. The publicly exposed data included personal information and plaintext passwords of new hires, reports on installations of customer infrastructure, and a web application for managing personnel. Following the disclosure to HCL, the company has already made the exposed database inaccessible and secured the known data exposures.

“On May 6, after reaching a reasonably complete level of analysis of the public pages and data, the researcher sent a notification to HCL’s Data Protection Officer at privacy@hcl.com. That notification included links to five subdomains hosting pages with some kind of business information and two URLs for pages as examples of what could be found on those subdomains. On May 7, the analyst confirmed that those two pages could no longer be accessed without authentication but that pages on the other subdomains were still accessible. The analyst sent a followup email linking to other pages with HCL data, and on the next day, May 8, the analyst confirmed that those pages were also no longer accessible to anonymous users,” said the announcement from UpGuard.

UpGuard said that locating the accessible data took days of work because the exposed data were spread across multiple subdomains and had to be accessed through a web UI. One of the accessible subdomains located by the researchers contained pages for various HR administrative tasks. While not all pages in the subdomain were accessible, the team said that the subdomain also allowed anonymous access to substantial amounts of personal information, “some of it very recent.”

A dashboard for new hires included records for 364 personnel. The oldest was from 2013, but over two hundred records were from 2019. Fifty-four of the records were for people who joined on May 6, 2019. The exposed data included candidate ID, name, mobile number, joining date, joining location, recruiter SAP code, recruiter name, created date, user name, cleartext password, BGV status, offer accepted, and a link to the candidate form.

A redacted sample of records for employees who joined in 2019. Photo: UpGuard

“Among those data points, the most obvious risk is that the passwords could be used to access other HCL systems to which these employees would be given access,” the post reads.

HCL Technologies Limited (Hindustan Computers Limited) is an Indian multinational information technology (IT) service and consulting company headquartered in Noida, Uttar Pradesh. It is a subsidiary of HCL Enterprise. Originally a research and development division of HCL, it emerged as an independent company in 1991 when HCL ventured into the software services business. The company offers a vast tech-related product portfolio, from software development to cybersecurity to infrastructure management and engineering. It also provides IoT and cloud services.

HCL’s relationships with its clients were also affected by the exposure, as customer installation reports were available online to anonymous users.

“The ASP framework used on this site had a security feature that prevents requests from being submitted if they are not from the UI. This prevents the alteration of requests to go beyond the scope of what the user is authorized to access. Because the UI was fully available to anonymous users, this did not protect the data but did prevent bulk downloading of all data by calling the APIs directly. None of the data here included credentials, but there were substantial amounts of information about HCL projects.”

Screenshot of the report index. Photo: UpGuard

Internal analysis reports were also exposed, including a “detailed incidences report” of 5700 incidents with the following labels: VSAT ID, Location, ATM ID, Start time, End time, Duration, Reason, and Description. The “Service Window Uptime Report” includes VSAT ID, Consignee, City, Accountable Uptime, Comnet Issue, Non-HCL Comnet, Customer issue, Uptime. There were 450 records for April of 2019, 450 records for January of 2019, and 521 records for January 2018, matching the regularity one would expect from some kind of standard monthly report.

Other data the researchers could access anonymously included the company’s Weekly Customer Reports, Installation Reports, an escalation matrix for transportation service, and an administrative panel for the recruiting approval chain.

Uber Elevate Revealed First Glimpse Of Aerial Delivery

Uber Eats is taking food deliveries to the sky as early as this summer over San Diego

Uber Eats Drones | Photo From: Uber

Uber is launching an air version of its Uber Eats service in San Diego alongside its plans of bringing Uber Air for public use through Uber Elevate. And the concept is arriving sooner than expected.

Uber Elevate is the ride-sharing company’s urban air mobility division that supervises all of Uber’s innovations towards taking advantage of the positive impacts and possibilities of aerial delivery.

Ground travel has become so congested and such a nuisance that the way to make deliveries more efficient is to look to the sky.

Ride-sharing companies and other mobility services such as food deliveries are dependent on their human drivers to provide and fulfill orders. But with the current rate of driver satisfaction, implementing autonomous or tech-dependent vehicles would help Uber alleviate worries from continued driver decline.

And today, Uber, for the first time, shared a glimpse of its next-generation delivery service via Twitter. Working alongside its partner McDonald’s to make the aerial delivery concept a reality, Uber Elevate is testing drones that deliver McDonald’s orders in a specialized box that holds items in place.

Here’s how delivery works:

As much as we want them to, drones won’t carry your orders right to your doorstep, at least not yet. Ideally, once a customer confirms an order, the assigned restaurant prepares the meal and then loads it into the drone’s specialized box.

The very same drone will then ascend and glide on its journey to its designated drop-off point, where an on-ground vehicle awaits to accomplish the last leg of the delivery.

Uber’s Elevate Cloud Systems will track and guide the drone, as well as notify an Uber Eats delivery driver when and where to pick up the package. The drones will use the QR codes emblazoned on Uber Eats vehicles to determine their designated drop-off point.

At its Uber Elevate Conference 2019, the ride-hailing company said it wants to avoid making restaurant-to-home deliveries a cause of accidents on the road, and to limit the noise pollution caused by a handful of rotors zipping to and fro.

Uber Eats Flight and Delivery Plan
Source: Uber

Regarding pricing rates and fees, Bloomberg reported that the air-involved Uber Eats delivery fee will be “consistent” in the San Diego area ranging up to $8.50.

Uber plans to start making deliveries via drone in San Diego as early as this summer and hopes to expand to neighboring cities like Los Angeles. However, Uber is still awaiting approval from the Federal Aviation Authority (FAA) to proceed.

“We’ve been working closely with the FAA to ensure that we’re meeting requirements and prioritizing safety,” Uber Elevate Head of Flight Operations Luke Fischer said in a statement. “From there, our goal is to expand Uber Eats drone delivery so we can provide more options to more people at the tap of a button. We believe that Uber is uniquely positioned to take on this challenge as we’re able to leverage the Uber Eats network of restaurant partners and delivery partners as well as the aviation experience and technology of Uber Elevate.”

Uber Eats earns the company more than its parent service or ridesharing, which would explain why Uber is so adamant that drone services for Uber Eats be available right away.

Specifically, Eats is on a steady pace of increasing its profit margin compared to Uber. Eats proves to be a revenue driver with gross bookings growth of 108% to $3.07 billion.

For the first quarter of 2019 alone, Eats generated $536 million in revenue for Uber, doubling the revenue generated in the first quarter of 2018. Meanwhile, Uber’s ride-hailing revenue only went up 9 percent year-over-year.

From a broader perspective, Uber’s first-quarter earnings in 2019 reported a gross bookings growth of 230% for its other bets, while ride-hailing grew 22% compared to the same quarter last year.

The North Face Google Search Campaign Denounced By Wikipedia — Company Blamed Lack Of Communication

The North Face hacked Google's top search results by exploiting Wikipedia.

Screenshot from The North Face video

In The North Face’s latest video campaign, the company proudly announced reaching number 1 in Google’s search results while paying nothing, an impossible feat on the search engine giant’s platform.

“We hacked the results to reach one of the most difficult places: the top of the world’s largest search engine, paying absolutely nothing, just by collaborating with Wikipedia,” the company says in its video.

The campaign achieved its goal: they were number 1 on Google’s Top Photos. However, the popular American outdoor lifestyle brand found itself in controversy — as Wikipedia and public outcry denounced the campaign.

A Brazilian subsidiary of ad agency Leo Burnett created the video and was behind the effort in April to insert the images on Wikipedia pages.

In the video material shared by AdAge, The North Face explained how they were able to “hack” Google.

The North Face capitalized on the idea that, before going on a trip, people often turn to Google to make a basic search. Those search results often have Wikipedia at the top of the list, and the images attached to those Wikipedia pages are also the top photo results in Google Images.

To exploit this, they hired Leo Burnett’s Brazil team to take photos of models in popularly searched travel locations wearing The North Face jackets, clothes, and equipment — which they eventually used to replace the photos on Wikipedia pages.

At the end of the campaign, there was North Face gear in more than 15 locations including Brazil’s Guarita State Park and the Mampituba lighthouse, as well as California’s Cabo peninsula, Peru’s Huayna Picchu, and Scotland’s Cuillin mountains.

As a result, the photos The North Face placed on Wikipedia ended up as the top photo results every time someone searched for the popular destinations, giving the brand a massive publicity boost at no advertising cost.

Initially, The North Face and Burnett’s team appeared to be unaware of the possible backlash from an ethical standpoint; the lines in the video present the stunt as an accomplishment for the team. The video starts with the line, “How can a brand be the first on Google without paying anything for it?” and brags that they “did what no one has done before…we switched the Wikipedia photos for ours” and that they “[paid] absolutely nothing just by collaborating with Wikipedia.”

Hours after uploading the AdAge video campaign, Wikipedia moderators removed 12 images (or, in some cases, simply cropped out the TNF logo), and reported the accounts that had uploaded them for breaches of Terms of Use for undisclosed paid advocacy.

“Adding content that is solely intended to promote a company or its products goes against the spirit, purpose, and policies of Wikipedia to provide neutral, fact-based knowledge to the world,” the Wikimedia Foundation wrote in response. “It exploits a free public learning platform for corporate gain.”

Moreover, Wikipedia said in a tweet, “Yesterday, we were disappointed to learn that @thenorthface and @LeoBurnett unethically manipulated Wikipedia. They have risked your trust in our mission for a short-lived consumer stunt.”

The Wikimedia Foundation, the non-profit behind Wikipedia, has since denied that there was any collaboration of any sort, saying in a blog that “Wikipedia and the Wikimedia Foundation did not collaborate on this stunt, as The North Face falsely claims.”

“In fact, what they did was akin to defacing public property, which is a surprising direction from The North Face. Their stated mission, ‘unchanged since 1966,’ is to ‘support the preservation of the outdoors’ – a public good held in trust for all of us,” it added.

The North Face has since then apologized on Twitter and said that it has ended the promotion. In an interview with The New York Times, the company pinned the blame on a lack of communication between the company and the local distributor in Brazil — which had approved the campaign.

In response to Wikipedia’s tweet, The North Face said, “We believe deeply in @Wikipedia’s mission and apologize for engaging in activity inconsistent with those principles. Effective immediately, we have ended the campaign and moving forward, we’ll commit to ensuring that our teams and vendors are better trained on the site policies.”

UberEats Is Earning More Than Its Ride-Hailing Counterpart

Uber Eats dominates Uber first-quarter profits amidst $1 billion loss.

Uber Eats | Photo From: Joe.ie

Uber’s in a tight spot. Even before going public, the ride-hailing business was already facing turbulent waters. Fortunately, it has ventured beyond simply providing rides for people and added other business models, such as freight and new mobility (which includes bikes and scooters), to its roster of services.

Today, UberEats, which is a new mobility service, earns the company more than its parent service or ridesharing. Specifically, Eats is on a steady pace of increasing its profit margin compared to Uber. Eats proves to be a revenue driver with gross bookings growth of 108% to $3.07 billion.

For the first quarter of 2019 alone, Eats generated $536 million in revenue for Uber, doubling the revenue generated in the first quarter of 2018. Meanwhile, Uber’s ride-hailing revenue only went up 9 percent year-over-year.

From a broader perspective, Uber’s first-quarter earnings in 2019 reported a gross bookings growth of 230% for its other bets, while ride-hailing grew 22% compared to the same quarter last year.

Uber CEO Dara Khosrowshahi said on an investor conference call that gross bookings for new mobility “grew strong quarter over quarter.”

The news comes after Uber reported a loss of $1 billion in the same first quarter of 2019.

Uber’s performance on the public market has been disappointing. Initially, the ride-hailing company was touted at $72 billion in the private market, which led experts to believe that Uber would reach an initial market cap of over $100 billion. Instead, the company currently sits at a $67 billion valuation.

Three weeks after its IPO, Uber has traded below its initial IPO price on The New York Stock Exchange. In early May, Uber was priced at $45 per share, which raised $8.1 billion for the company. However, the ride-hailing company was priced at only $42 per share the following morning. At the time of writing, Uber’s at $40 per share.

“Earlier this month we took the important step of becoming a public company, and we are now focused on executing our strategy to become a one-stop shop for local transportation and commerce,” Khosrowshahi said in a statement. “In the first quarter, engagement across our platform was higher than ever, with an average of 17 million trips per day and an annualized gross bookings run-rate of $59 billion.”

According to The Verge, Uber is planning to bank on the success that Eats is having to improve its ride-hailing counterpart. Specifically, Khosrowshahi plans to make Eats customers also partake in its ride-hailing services.

Khosrowshahi pointed out that the company’s ride-hailing service is already a “very strong audience creator” for the Uber Eats business. But he also said that 50 percent of Eats customers don’t use Uber for ride-hailing; the food delivery service is bringing in new customers. “These are customers that then we can upsell into the rides business,” Khosrowshahi said.

Moreover, Uber is planning to involve itself more in emerging markets. In Latin America, for example, Khosrowshahi said Uber will be able to “uniquely capitalize on the synergies between the two offerings as we’re the only company [there] that offers both rides and Eats.”

From a different perspective, Uber plans on investing in its food delivery service to promote its ride-hailing service, a clever move given the trend toward shared solutions.

Shared solutions like Uber are redefining the shopping and eating experience, to name a few. Visor says that “this phenomenon grew from the popularity of “life on demand”—what you need when you need it (think Amazon, Netflix). Then, perhaps, it was accelerated by the need for instant gratification that is a hallmark of the millennial generation.”

Relatedly, the conventional experience of eating out has changed from a pleasant and relaxing one into a day of facing heavy traffic and stress, especially in populated and busy cities globally. That is where Eats becomes a more convenient option that can bring food to your home, office, or wherever.

Other than that, Uber’s other services may still prove capable of restoring the ride-hailing company to its former economic position. Under his leadership, Khosrowshahi has added shared scooters, bikes, public transportation schedules, and ticket buying to Uber’s app. That’s in addition to the dedicated self-driving and flying car divisions he inherited from his predecessor, Uber co-founder Travis Kalanick.
