
Live Chat Widgets Leak Personal Details of Employees of Big Companies

Leaky LiveChat leaks details of employees of high-profile companies
Two researchers from Project Insecurity, Cody Zacharias and Kane Gamble, have discovered a security loophole in live chat widgets that leaks the personal data of a firm's employees.

Two live chat widgets that are used on hundreds of high-profile websites, including Google and PayPal, were found to be leaking employees' personal data.
The vulnerable widgets are used on sites managed by Google, Verizon, Spring, Bank of America, PayPal, Orange, Sony, Tesla, Bitdefender, Kaspersky Lab, Disney, and many others.

According to Cody and Kane, the leak occurs when an attacker engages in a live chat session with a support staffer. The leaked data includes the employee's real name, company email address, employee ID, support center name, location, supervisor name, supervisor ID, or the software used by the employee.
Cody and Kane said:
"The type of information being exposed is everything a person would need to successfully perform social engineering attacks against the company by using an employee's real information such as their full name, employee ID and supervisor's name to impersonate them,"
"This could lead to somebody gaining access to employee tools and even allow them to gain a foothold in the internal network," they added.
The researchers initially reported the security issue to the vendors of the leaky widgets, but it was still not patched. After the security advisory was published, Live Chat acknowledged the issue and promised to patch it.
So far, the researchers have published neither the technical details of the bug nor exploit code. Full technical details may come after the vendor patches the issue.
