February 27, 2021

TerabitWeb Blog

Fascinating Technology and Security Information

Blisk browser left open, 2.9 million records exposed


Original Post from SC Magazine
Author: Doug Olenick

The web-development browser Blisk suffered a data breach, leaking more than
2.9 million records through an Elasticsearch database that was left open and
that bypassed the security put in place by its users.

The browser has
been compromised in a way that it now leaks the data it was designed to gather
from web development teams, UX designers and web engineers, according to Noam
Rotem and Ran Locar, leaders of VPNMentor’s security team, who uncovered the
problem. Blisk has been operating since 2014 and VPNMentor said it has NASA,
Microsoft, Apple, eBay and UNICEF as its customers and others from around the

information exposed included more than 1,000 email addresses – including a
ca.gov email address, IP addresses and user agent details, all of which can be
used to create legitimate-appearing phishing emails to be used against the

Rotem and
Locar said Blisk intentionally set up its browser without any security layer at
all, and it also bypassed any security implemented by its users.

“Since the
browser ‘sees’ what the user sees, it can potentially bypass every encryption,
2-factor authentication, and any other measure they have in place. If the user
is using software that is not heavily secured, this can lead to very serious
security breaches. It appears that no matter what security measures you put in
place while using Blisk, your data would still potentially be leaked,” the researchers said.

The open database was found on December 2, 2019. The vendor was contacted two
days later and had taken action to protect the information on December 9.

The post Blisk browser left open, 2.9 million records exposed appeared first on SC Media.
