A hack of the National Security Council of the United States leaked about 10 thousand emails, passwords and credentials belonging to NASA, Tesla, the Department of Justice and other agencies and companies.
The NSC is a non-profit organization that provides workplace and driving safety training. According to Cybernews, the council’s website was left vulnerable to cyberattacks for five months.
In total, almost 55 thousand members of the National Security Council were at risk of exposure.
In addition to NASA and Tesla, affected companies and agencies include Shell, Siemens, Intel, HP, Boeing, Pfizer, the US Navy, the Pentagon, Amazon, Verizon and many more.
“The vulnerability posed a risk not only to NSC systems but also to the companies that used the services of NSC,” notes Cybernews.
The attack was discovered on March 7, when the Cybernews research team found a subdomain of the National Security Council website.
The subdomain exposed a listing of its web directories to the public, allowing an attacker to access files crucial to the operation of the server.
“Among the accessible files,” says Cybernews, “researchers also discovered a backup copy of a database that stores user emails and passwords.
The backup stored about 9,500 unique accounts and their credentials, with almost 2 thousand different corporate email domains, belonging to companies from various sectors.”
“The leaked credentials could have been used for credential stuffing attacks,” Cybernews explained, “which attempt to log in to companies’ Internet-connected tools, such as VPN portals, human resources management platforms or corporate emails”.
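The two conditions described above, a publicly listable web directory and a database backup stored inside it, can be checked for on a server's own document root. The following is an added example, not code from Cybernews or the NSC; the suffix list, index file names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed (not from the article): suffixes that commonly mark database dumps or archives.
BACKUP_SUFFIXES = (".sql", ".sql.gz", ".bak", ".dump", ".tar.gz", ".zip", ".old")
# Assumed index file names; a directory without one is listed if auto-indexing is on.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}


def audit_web_root(root):
    """Return (listable_dirs, backup_files) as sorted paths relative to root."""
    listable, backups = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        lower = {name.lower() for name in filenames}
        # No index file: the server would fall back to a directory listing.
        if not lower & INDEX_NAMES:
            listable.append(rel_dir)
        # Backup-like files are downloadable by anyone who learns their name.
        for name in filenames:
            if name.lower().endswith(BACKUP_SUFFIXES):
                backups.append(os.path.normpath(os.path.join(rel_dir, name)))
    return sorted(listable), sorted(backups)


def build_sample_root(base):
    """Constructed sample tree standing in for a real document root."""
    files = ["index.html", "assets/site.css", "training/index.php",
             "backup/users_db.sql.gz"]
    for rel in files:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        listable, backups = audit_web_root(build_sample_root(tmp))
        for d in listable:
            print("no index file (listable if auto-indexing is enabled):", d)
        for f in backups:
            print("backup-like file inside web root:", f)
```

Any backup file the audit reports should be moved outside the document root, and directories it flags should have auto-indexing disabled in the web server configuration.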