Veeam has said sorry to its partners after “human error” led to the exposure of millions of data records.
Veeam said that one of its marketing databases “may have been accessible to unauthorised third parties for a limited time due to human error”.
Security researcher Bob Diachenko uncovered the breach earlier this week, claiming that 445 million records were exposed as a result of a misconfigured server.
Veeam’s co-CEO Peter McKay, wrote to partners saying that as soon as the company validated the problem, it quickly secured the database. Once secured, it launched a full investigation into the scope of the incident and took corrective measures to reduce the risk of future such incidents.
“The exposed database contained non-sensitive marketing records, such as names and email addresses, and in some instances IP addresses. It is possible that this information was visible to an outside third party for a limited time. As soon as we validated the incident, we moved quickly to ensure the database was properly secured and to limit any further exposure. We are now actively investigating the matter to ensure that it does not happen again. As a company, we value honesty and openness, which is why I wanted to personally assure you that steps have been taken to prevent a similar issue from occurring in the future”, McKay wrote.
