IT services giant HCL left employee passwords, other sensitive data exposed online
IT services giant HCL left employee passwords exposed online, as well as customer project details, and other sensitive information, all without any form of authentication, research by security consultancy UpGuard reveals.
An HCL human resources portal published new employee names, usernames and clear text passwords. “The most sensitive stuff was on an HR portal and had a report for new hires, and it was very clearly being actively used,” Greg Pollock, vice-president of product at UpGuard, tells CSO. “Fifty-four people had been onboarded during the time period when I had found this.”