Data Breach Impacting FSM Software Company Fieldwork Exposes Clients’ PII Information, Payment Details, Alarm Codes and More
July 2019 by VPNMentor
vpnMentor’s research team – led by cybersecurity researchers and hacktivists Noam Rotem and Ran Locar – have uncovered an unsecured database at Fieldwork, a business management platform owned by Anstar marketed towards the home services industry. The team identified the breach which exposed access to customer names, addresses, phone numbers, email address, alarm codes, signatures, client information, credit card details, location data, photos, and other detailed exchanges.
In addition, auto-login links were leaked which give potential bad actors access to companies’ backend systems, along with detailed e-mail exchanges containing information pertaining to appointment times, building access and alarm codes, payment information and other sensitive data.
This breach was discovered as part of vpnMentor’s ongoing ethical web-mapping project, which seeks to identify vulnerabilities and data breaches online and notify those responsible in order to improve online safety and security.