2 December 2020

French healthcare software company Apodis Pharma leaked over 1.7 TB of confidential data


The French digital supply chain management and software solutions provider Apodis Pharma exposed a massive trove of confidential business-related data, including pharmaceutical sales data, full names of Apodis Pharma partners and employees, and more.

The leak was discovered by CyberNews researchers, who found an unsecured, publicly accessible Kibana dashboard of an Elasticsearch database containing over 1.7 TB of data. The exposed database included several archives with information related to pharmaceutical shipments (shipment storage status, the precise times and locations at which the shipments were picked up by sellers or distributors, and the quantity of pharmaceuticals in the shipments), partner and client organizations, products stored in Apodis Pharma client warehouses, confidential product sales data, user records (including full names of people who appear to be Apodis Pharma clients, partners, and employees), and consumer and client data visualizations and analytics.

At present, it is not clear who had access to the exposed data. However, the researchers said that the database has already been indexed on at least one popular IoT search engine, meaning that the data has likely been accessed and downloaded by third parties.

The investigation team said they discovered the database on October 22 and attempted to contact Apodis Pharma about the issue, but without success. The team then reached out to CERT France for help securing the database, but more than two weeks later, the database was still publicly accessible. Eventually, the researchers contacted Apodis Pharma CTO Mathieu Bolard directly on November 16, and the database was secured the following day.
