➤Summary
Full SQL database is online. More details in this article.
This June 2022 a database belonging to a company, specialised on education of top managers has been leaked online. The incident has happened precisely on 21st June, 2022. The company on question is Fligby with a solution called “The Flow”, developed in partnership with a famous and renowned in the field of psychology, professor Mihaly Csikszentmihalyi.
As the company describes itself: “The producer of FLIGBY is ALEAS Simulations, Inc. ALEAS is an innovative serious gaming lab based in California and Central Europe, Hungary. The objective of the ALEAS Edutainment Philosophy is to effectively enhance all learning practices including skill development. Our operation is based on a threefold corporate philosophy: balance of simulation, adaptivity and game-based approach.
Computer games are one of the most empowering activities in the virtual world. They are meant to be fun. That’s why edutainment is the most effective method of learning today. Results are based on trial and error methodology: a direct link between learning efforts and results.”
The list of Fligby’s companies-clients is impressive: Janssen of Johnson&Johnson, KWS, Raiffeisen Bank, Samsung, Tesco, Novartis, Spar, T-Mobile, ExxonMobil, NN Group, UniCredit Bank, Lufthansa Technik AG, Whirlpool, OTPBank, Telenor, Tesa, EY, Vodafone, Groupama, Henkel, Qualcomm, Roto Frank, Essilor International, BW Offshore Ltd, Opera Ltd and others, including renowned high schools and universities all over the world.
Data leak details
Overall, almost 54k users have been affected by this data breach. The “flow_users”, arguably the most interesting table of the database, has the following keys:
`id`, `gender`, `first_name`, `last_name`, `email`, `password`, `mobile`, `job_title`, `country_of_origin`, `group_id`, `solution_provider_id`, `company_id`, `role_id`, `activation_id`, `reg_date`, `last_login_date`, `start_date`, `active_time`, `end_date`, `language`, `date_of_birth`, `company_name`, `company_category`, `company_subcategory`, `work_location`, `employees_number`, `leadership_level`, `manager_time`, `keep_informed`, `status`
The passwords in the database have been originally hashed, but appeared in the following weeks on an underground hacking forum in a cleartext form.
To sum up, in hackers possess such sensitive data as: full company’s top manager name, and the company of work, DoB, mobile phone number, email, used password, job title and language spoken. What a great pack for phishing as well as phone scam!
Kaduu Team urge you to stay vigilant and aware of data that has been leaked.
Your data might already be exposed. Most companies find out too late. Let ’s change that. Trusted by 100+ security teams.
🚀Ask for a demo NOW →Q: What is dark web monitoring?
A: Dark web monitoring is the process of tracking your organization’s data on hidden networks to detect leaked or stolen information such as passwords, credentials, or sensitive files shared by cybercriminals.
Q: How does dark web monitoring work?
A: Dark web monitoring works by scanning hidden sites and forums in real time to detect mentions of your data, credentials, or company information before cybercriminals can exploit them.
Q: Why use dark web monitoring?
A: Because it alerts you early when your data appears on the dark web, helping prevent breaches, fraud, and reputational damage before they escalate.
Q: Who needs dark web monitoring services?
A: MSSP and any organization that handles sensitive data, valuable assets, or customer information from small businesses to large enterprises benefits from dark web monitoring.
Q: What does it mean if your information is on the dark web?
A: It means your personal or company data has been exposed or stolen and could be used for fraud, identity theft, or unauthorized access immediate action is needed to protect yourself.