https://cybernews.com/security/sydney-tools-exposed-data-leak

A major data breach at Sydney Tools has exposed sensitive information from tens of millions of online orders, including customer names, home addresses, and other personal details.

The professional tools wholesaler and retailer left a ClickHouse database unprotected, leaking data on both employees and customers. According to cybersecurity researchers, the exposed database contained over 5,000 entries with information about past and present employees, including names, branches of employment, salaries, and sales targets.

Even more concerning, the leak includes over 34 million online order records containing customer names, email addresses, home addresses, phone numbers, and details about items purchased. Despite attempts to contact the company, researchers report that the exposed database remains accessible, meaning sensitive data continues to leak.

“Information Sydney Tools is leaking can aid cybercriminals in the surprisingly common crime of tool theft, as well as more standard cybercrimes such as identity theft, phishing, or spam campaigns,” the researchers noted.

The breach creates multiple security risks. For employees, particularly high earners, there’s increased vulnerability to spear phishing attacks. For customers, cybercriminals could craft highly convincing fraudulent messages referencing specific tools they purchased to trick them into revealing additional information.

The disparity between Sydney Tools’ reported workforce of approximately 1,000 employees and the nearly 5,000 employee records in the database suggests that information about former staff members has also been compromised.

Researchers have reached out to Sydney Tools for official comment and await a response. Meanwhile, the database reportedly remains unsecured, highlighting that DIY expertise should extend beyond physical tools to digital security measures.