If you ever used EventBuilder to register as an attendee at an event, then you may be among those whose personal information has been exposed in a leak estimated to have affected more than 100,000 people.
The leak was spotted by Bob Diachenko and responsibly disclosed by Diachenko and Clario Tech according to a new report out this morning by Andriy Slynchuk of Clario Tech.
The EventBuilder platform is widely used by Microsoft and integrated with their Teams solution. Slynchuk reports that The data was stored on Microsoft Azure Blob Storage — Microsoft’s object storage solution for the cloud.
The storage in question was supposed to be partially public, to host recorded sessions for link-only access. However, for some reason, the webinar organizers were putting registrant information into the blob. This meant it was open to indexing by a Public Bucket searcher (Grayhat Warfare), thus compromising their personal information and potentially putting them in danger of being targeted by hackers from across the globe.
The data was spotted on June 10, 2021 and reported to EventBuilder that day. Clario reports that EventBuilder addressed the leak, but offered no comment or statement.
Clario’s report did not offer an exact count, but a companion press release estimated that there might have been approximately one million CSV/JSON records impacting more than 100,000 registrants. A sample record is provided below, redacted by Clario:
The records included:
- Full names
- Email addresses
- Company names and position in company
- Phone numbers
- Questionnaires answered
You can find more details in Clario’s report.
DataBreaches.net sent an inquiry to EventBuilder through their web site asking them whether they have made any disclosure or notifications concerning this incident and what steps they are taking to better secure registrant information. No response was received by publication time. This post will be updated if a reply is received.
To find out what data EventBuilder may hold on you, see this page on Microsoft and follow their directions.