For this week’s Cyber Intelligence House leak of the week, we have a private equity firm based in the South Asia region that specialises in growth capital for emerging companies. They are known for managing investments across diverse sectors and supporting entrepreneurs in scaling their businesses.
In a significant breach, over 2GB of data was leaked via a private channel. The dataset comprises 368,959 .eml files spanning 142 folders, indicating widespread exposure of internal communications. The leak includes nearly half a million emails, with hundreds of thousands containing potentially sensitive business information such as credentials, contracts, internal discussions, and payment details.
Cyber Intelligence House Analysis of Leaked Data
The following highlights the most sensitive aspects of the breach:
– A total of 453,552 emails were exposed, forming the core of the dataset.
Sensitive Keyword Flagging
– 349,573 emails contained keywords such as “confidential”, “nda”, “internal only”, “vpn”, “admin panel”, “invoice”, “payment”, and “credentials”.
Attachments
– 32,247 attachments were found within the email archive, spread across 19,781 emails that carried one or more attachments, potentially including contracts, financial documents, and personal identification data.
API Keys and Tokens
– 914 unique API keys or tokens were discovered, which may grant unauthorised access if they are still valid.
Email Activity Timeline
– Peak email activity occurred in March 2022 with 51,052 emails, indicating high operational activity and possibly the window in which the most impactful data was exposed.
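The figures above (flagged emails, attachment counts, discovered tokens, monthly peak) are the kind of numbers an incident responder produces when triaging an exported mail archive. The Python script below is an added illustration, not Cyber Intelligence House's tooling, of how such counts can be computed from .eml files with the standard library: it flags the keyword list quoted above using whole-word matching, counts attachments, matches key-shaped strings assigned to names such as api_key (a generic pattern chosen here, not the one used in the analysis), and builds a per-month timeline. The three messages are constructed samples, not data from the leak.

```python
"""Triage of a leaked .eml archive: keyword flagging, attachment counts,
token detection and a monthly activity timeline (added example; sample
messages are constructed and do not come from the leak)."""
import re
from collections import Counter
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parsedate_to_datetime

# Keyword list quoted in the analysis; matched as whole words so that
# "nda" does not fire on "calendar".
SENSITIVE_KEYWORDS = ("confidential", "nda", "internal only", "vpn",
                      "admin panel", "invoice", "payment", "credentials")
KEYWORD_RES = {k: re.compile(r"\b" + re.escape(k) + r"\b") for k in SENSITIVE_KEYWORDS}

# Generic secret-shaped value assigned to a key/token-like name. This is an
# assumed pattern for illustration; real triage would add vendor-specific ones.
TOKEN_RE = re.compile(
    r"(?i)\b(?:api[_-]?key|token|secret)\b\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{20,})"
)


def _build_samples() -> list[str]:
    """Construct three .eml strings as they would be read from disk."""
    samples = []
    m = EmailMessage()
    m["From"] = "ops@example-fund.invalid"
    m["To"] = "partner@example-vendor.invalid"
    m["Subject"] = "Invoice #1042 - CONFIDENTIAL"
    m["Date"] = "Tue, 15 Mar 2022 10:12:00 +0530"
    m.set_content("Please find the invoice attached. Payment due in 30 days.")
    m.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                     subtype="pdf", filename="invoice_1042.pdf")
    samples.append(m.as_string())

    m = EmailMessage()
    m["From"] = "it@example-fund.invalid"
    m["To"] = "analyst@example-fund.invalid"
    m["Subject"] = "Staging portal access"
    m["Date"] = "Mon, 4 Apr 2022 16:45:00 +0530"
    m.set_content("Use the staging portal; credentials below.\n"
                  "api_key = sk_test_CONSTRUCTED_0123456789abcdef\nDo not forward.")
    samples.append(m.as_string())

    m = EmailMessage()
    m["From"] = "analyst@example-fund.invalid"
    m["To"] = "ops@example-fund.invalid"
    m["Subject"] = "Lunch on Friday?"
    m["Date"] = "Thu, 3 Mar 2022 09:00:00 +0530"
    m.set_content("Are you free at 1pm? The usual place.")
    samples.append(m.as_string())
    return samples


SAMPLE_EMLS = _build_samples()


def parse_eml(raw: str) -> EmailMessage:
    return message_from_string(raw, policy=policy.default)


def message_text(msg: EmailMessage) -> str:
    """Subject plus the decoded text body (attachments are not scanned here)."""
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    return f"{msg.get('Subject', '')}\n{text}"


def flagged_keywords(msg: EmailMessage) -> list[str]:
    text = message_text(msg).lower()
    return [k for k, rx in KEYWORD_RES.items() if rx.search(text)]


def attachment_count(msg: EmailMessage) -> int:
    return sum(1 for _ in msg.iter_attachments())


def find_tokens(msg: EmailMessage) -> list[str]:
    return sorted(set(TOKEN_RE.findall(message_text(msg))))


def month_key(msg: EmailMessage) -> str:
    # Date header parsed explicitly so odd time zones still bucket correctly.
    return parsedate_to_datetime(msg["Date"]).strftime("%Y-%m")


def triage(raw_emls: list[str]) -> dict:
    """Aggregate the archive into the figures reported in a leak analysis."""
    msgs = [parse_eml(r) for r in raw_emls]
    report = {"emails": len(msgs), "flagged_emails": 0, "attachments": 0,
              "emails_with_attachments": 0, "tokens": set(), "timeline": Counter()}
    for m in msgs:
        if flagged_keywords(m):
            report["flagged_emails"] += 1
        n = attachment_count(m)
        report["attachments"] += n
        if n:
            report["emails_with_attachments"] += 1
        report["tokens"].update(find_tokens(m))
        report["timeline"][month_key(m)] += 1
    report["tokens"] = sorted(report["tokens"])
    report["peak_month"] = report["timeline"].most_common(1)[0][0] if msgs else None
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_EMLS))
```

On a real archive the strings in SAMPLE_EMLS would be replaced by the contents of each .eml file under the 142 folders, and the token list would feed the revocation step rather than being printed.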
Cyber Intelligence House Implications
For Individuals:
– Exposure of personal conversations and contact details from investor or partner communications.
– Risk of phishing, identity theft, or social engineering via disclosed emails.
– Leakage of signed agreements, scanned IDs, or financial transactions as attachments.
For the Equity Company:
– Breach of confidentiality with clients, partners, and investors.
– Legal liabilities under data protection laws such as the Digital Personal Data Protection Act.
– Loss of trust among stakeholders due to mishandling of sensitive internal and contractual information.
Supply Chain Risks:
– Due to the high number of emails flagged with “contract”, “invoice”, and “credentials”, vendors and partner companies communicating with the company may face downstream phishing attempts, data abuse, or reputational harm.
Recommendations
– Immediate Invalidation of Leaked API Keys: Revoke and rotate all 914 identified API keys and tokens, along with any other credentials exposed in the leak.
– Email Filtering and Monitoring: Notify clients and partners about the breach; enable monitoring for spear phishing attacks using leaked data.
– Legal Review: Initiate an internal investigation and consult legal counsel to manage potential compliance breaches.