Today Deletesec has announced an leak of data from what is turning out to be a service to many high profile company’s around the world. The target is SPIROL International (https://spirol.com/) and as a result of them being it has over 30,000 company’s affected after there credentials have been leaked online. SPIROL is a international business going back to 1948 specializing in the fasting industry. The breach was announced from @Deletesecs twitter account and has posted 3 csv files to media fire. The 3 files which total just over 27mb contain a heap of data in them but most comes from 1 file named CRM_data. This CRM_data file contains a huge amount of clients contact and account information which could be used by many different company like call centers etc. 
When i asked DeleteSec which method was used i have been told SQL which is no surprise as there is a huge rise over the past 24 months of these types of attacks which result in high profile company’s information being leaked online. Deletesec has also stated something very interesting, that the reason this leak has happened is due to SPIROL making threats to have them arrested, it appears that maybe they already know and knew of the breach before the data was leaked and they had a chance to stop it but didn’t. I have also been shown and proven the Vuln, which i can say resides in the sites news system but that’s as much as i can publicly with harming any further people. Either way SPIROL might just have some answering to do to a lot of big company’s over the coming days. The leaked information totals 70,889 Email addresses of which 886 have passwords, the rest are set as
- total passwords: 889
- total providers: 26, 856
- total company’s: 31,523
- Full providers list
- Full companys list