A security guard company was found to be leaking data that could lead to identity theft, physical violations, theft and even terrorism.
The news comes from cybersecurity researcher Jeremiah Fowler, who found an online database containing more than 1.2 million documents. The database was unprotected and could be accessed by anyone who knew where to look, WebsitePlanet reported.
A subsequent investigation discovered that the database belonged to Amberstone Security Ltd, a UK-based company that offers physical security and technology services.
Physical threats
In the database, the researcher found personally identifiable information (PII) and facial photographs of thousands of security guards. Additionally, he found images of security credentials, as well as license cards, issued by the Security Industry Authority (SIA). The database also contained incident reports as well as names and dates of birth of potential offenders.
Speaking to SIA, the investigator was told that the cards did not have any biometric data, suggesting that with this database, a criminal could easily reproduce the cards and thus impersonate security personnel. “This could potentially lead to a breach of physical security, theft, vandalism or, in the worst case, acts of terrorism,” the report states.
The investigator also found files about the development of an app called Guarded on Duty, which allows security guards to log in and verify their current jobs by uploading images of their credentials. Additionally, he found APK files, which threat actors could use to infect Android apps with malware.
After making the discovery, Fowler contacted Amberstone Security, which confirmed that the database had been locked down.
The company also placed the blame on an unnamed third party: “Thank you for bringing this to our attention, this is deeply concerning,” a company representative told the investigator. “I am investigating this with the vendor who developed and hosts the platform. Please be assured that we take data security seriously and this will be fully investigated.”