vpnMentor’s research team, led by cybersecurity researchers and hacktivists Noam Rotem and Ran Locar, have uncovered an unsecured database at Fieldwork, a business management platform owned by Anstar marketed towards the home services industry. The team identified the breach which exposed access to customer names, addresses, phone numbers, email address, alarm codes, signatures, client information, credit card details, location data, photos, and other detailed exchanges.
In addition, auto-login links were leaked, which give potential bad actors access to companies’ back-end systems containing even more sensitive client information. Detailed e-mail exchanges were also found within this breach, containing information pertaining to appointment times, building access and alarm codes, instructions about where keys were hidden, payment information and other sensitive data.
This breach was discovered as part of vpnMentor’s ongoing ethical web-mapping project, which seeks to identify vulnerabilities and data breaches online and notify those responsible in order to improve online safety and security.
The full report is now live on vpnMentor’s website https://www.vpnmentor.com/blog/report-fieldwork-leak/