TRENDING
Home » Trends » Exclusive: Workplace Safety Organization Exposes Confidential User Data from NASA, Tesla, DoJ, and Beyond

Exclusive: Workplace Safety Organization Exposes Confidential User Data from NASA, Tesla, DoJ, and Beyond

Exclusive: Workplace Safety Organization Exposes Confidential User Data from NASA, Tesla, DoJ, and Beyond

Top Workplace Safety Organization Exposes User Data from , Tesla, DoJ, and More

Introduction

Sensitive information from thousands of government organizations and high-profile enterprises, including NASA, Tesla, and the Department of Justice, was leaked by the National Safety Council (NSC). As a non-profit organization that provides services to various companies, including government institutions, the NSC maintained customer data in web directories accessible to the public. This flaw was discovered by researchers at Cybernews, who found that the unprotected database had been exposed for at least five months.

Data Breach and Potential Victims

The NSC operates in the United States and offers workplace and driving safety training. According to the researchers, the organization has approximately 55,000 members, including 2,000 organizations such as Siemens, Intel, HP, IBM, AMD, Ford, Toyota, and Tesla. Additionally, the NSC serves government organizations like the FBI, the Pentagon, the Department of Justice, and NASA. The exposed database contained nearly 10,000 email addresses and passwords. Cybernews speculates that these companies likely maintained accounts on the platform for access to training materials and participation in NSC events.

While it has not been explicitly stated that the data was stolen by a malicious third party, the researchers believe it is a possibility. They suggest that the leaked credentials could be used in credential-stuffing attacks, phishing attempts, and other malicious activities. Such actions could lead to devastating consequences such as data theft and ransomware attacks.

Data Security and Password Encryption

Once the security breach was discovered, the NSC promptly addressed the issue. However, the researchers criticized the organization for hosting a development environment that was accessible to the public. They emphasized the need for separate hosting of development and production environments, with the former not containing actual user data and being kept private.

Among the leaked information were user passwords, which were hashed using the SHA-512 algorithm, generally considered secure. The passwords were also salted. However, due to the salts being stored together with the password hashes and only encoded with base64, retrieving the plaintext version of the salt would be relatively easy for experienced hackers. Cybernews estimates that it could take up to six hours to crack a single password from the database. Although not all passwords may be easily cracked, a significant number of them are likely vulnerable.

Closing Summary

The data breach at the NSC exposed sensitive information from numerous government organizations and high-profile enterprises. The organization has since fixed the security flaw that allowed public access to their customer data. However, the incident highlights the importance of robust data security measures and proper encryption practices. Companies must ensure that their development environments are separate from production environments and do not host actual user data. Additionally, strong hashing algorithms and secure storage of password salts are crucial for protecting user passwords from unauthorized access.

A note to our visitors

This website has updated its privacy policy in compliance with changes to European Union data protection law, for all members globally. We’ve also updated our Privacy Policy to give you more information about your rights and responsibilities with respect to your privacy and personal information. Please read this to review the updates about which cookies we use and what information we collect on our site. By continuing to use this site, you are agreeing to our updated privacy policy.

Get first on Gadget News No Thanks