Popular North American CRM solution hacked

Does your company have anything to worry about?

Today, October 20, a known threat actor has shared a data leak belonging to one of the popular CRM solutions in the North America. The database dump counts around 24,000 clients all over the world. Almost all of the clients in the data leak are Sales managers, executives or various companies’ representatives. Various PII data has been leaked during the incident, including several credit cards data.

As described by the company itself, they are: “best of breed solution for sales automation & CRM for contact and pipeline management.” OnCourse. Their mission is to simplify and accelerate the sales and communication lifecycle.

OnCourse is trusted by such companies as: Implant America, PawTree, BioBlend, Chef Shamy, etc.

What data has been leaked?

A threat actor under alias “GuntherMagnuson” has shared a file, allegedly belonging to OnCourse. The primary analysis shows that database is maintained until August 2022. This information lets us conclude the approximate date of the cyber intrusion: the 8th of August, 2022.

The database is now freely shared on the Internet and consists of the following PII information:

id, first name, last name, email, alt-email, password, chathandle, avatar, publicInfo, phone, cellnumber, userLevel, notes, heardabout, nocontact, tradingRoomOptions, referUserId, isDuplicate, acceptedDisclaimer, bio, business, geoip, created_at, updated_at, sms_country, merchantId, is_login, free_Account

The passwords are present in a MySQL4.1/5 hashed version. It will take no time to dehash them for anyone on the Internet.

While analysing the data leak we have also remarked, that in the “notes” graph OnCourse team has left some messages between one another, specifying client’s credit cards data.

For example:

What is surprising, is that the credit card data is not masked, neither protected in any way.

As of today, October 2022, OnCourse didn’t release any statements about the cyber security incident, as well as didn’t recognise this data leak.

Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web. 

Comments are closed.