2 December 2020

French healthcare software company Apodis Pharma leaked over 1.7 TB of confidential data


French healthcare software company Apodis Pharma leaked over 1.7 TB of confidential data

The French digital supply chain management and software solutions provider Apodis Pharma exposed a massive trove of confidential business-related data, including pharmaceutical sales data, full names of Apodis Pharma partners and employees, and more.

The leak was discovered by the CyberNews researchers who found an unsecured, publicly accessible Kibana dashboard of an ElasticSearch database containing over 1.7 TB of data. The exposed database included several archives with information related to pharmaceutical shipments (shipment storage status, the precise times and locations of where the shipments have been picked up by sellers or distributors, as well as the quantity of pharmaceuticals in the shipments), partner and client organizations, products stored in Apodis Pharma client warehouses, confidential product sales data, user records (including full names of people who appear to be Apodis Pharma clients, partners, and employees), and consumer and client data visualizations and analytics.

At present, it is not clear who had access to the exposed data, however, the researchers said that the database has already been indexed on at least one popular IoT search engine meaning that the data has likely been accessed and downloaded by third parties.

The investigation team said they discovered the database on October 22 and attempted to contact Apodis Pharma over the issue, but without success. The team then reached out to CERT France in order to help secure the database, but more than two weeks later, the database was still publicly accessible. Eventually, the researchers contacted directly the Apodis Pharma CTO Mathieu Bolard on November 16, and the database was secured the following day.

Back to the list

Latest Posts

Hackers impersonate WHO, DHL, and vaccine makers to spread malware

Hackers impersonate WHO, DHL, and vaccine makers to spread malware

The attacks target users in organizations located in the United States, Canada, Austria, and Germany.
18 January 2021
EMA: Hackers leaked modified COVID-19 vaccine documents to undermine trust in vaccines

EMA: Hackers leaked modified COVID-19 vaccine documents to undermine trust in vaccines

EMA said that COVID-19 vaccine documents stolen from its servers in a recent cyber attack have been manipulated.
18 January 2021
Joker’s Stash, the largest carding marketplace, will shut down next month

Joker’s Stash, the largest carding marketplace, will shut down next month

The Joker’s Stash operators said that all the data will be wiped out from their servers after February 15th, 2021.
18 January 2021