Cybernews’ research team recently discovered that Sydney Tools, one of the largest professional tools resellers in Australia, has exposed 34 million online order entries, revealing purchase data including customer names, home addresses, and other details.
The exposed Clickhouse database also contained over 5,000 entries with data on the company’s past and present employees.
Worryingly, despite the team’s attempts to contact the company, the exposed instance was not closed. The data is leaking to this day, leaving vast amounts of sensitive employee and customer information publicly accessible.
“The leaked data is sensitive as it included extensive personally identifiable information in large volumes, as well as sensitive information regarding which customers purchased expensive items and the salaries of their employees,” the Cybernews researchers warn.
The leaked database revealed large amounts of sensitive employee and customer information, including:
- Employee data: Names, surnames, employment branches, salaries, and sales targets.
- Customer data: Names, email addresses, home addresses, phone numbers, and purchase details, including ordered items.
Researchers believe customer and employee information is vulnerable to cybercriminals, who could exploit this data for identity theft, phishing, or spam campaigns.
Cybercrooks can flood customers with fraudulent emails and messages, referencing specific tools that users purchased and convincing victims to reveal more data about themselves.
