Cybersecurity researcher Jeremiah Fowler has uncovered a significant data breach involving Patties Foods Limited, an Australian food company.

The breach exposed nearly half a million records across two separate, publicly accessible, non-password-protected databases.

Patties Foods Limited is a leading Australian food service provider renowned for its diverse range of high-quality savory and sweet products, catering to various food sectors’ needs.

Key Findings:

  1. Exposed Logging Server: This server contained 496,296 records, including system errors, warnings, indexing operations, search queries, cluster health status, diagnostic data, and internal, customer, and vendor emails.
  2. Cloud Storage Database: Within the logging records, Fowler found a separate cloud storage database with 25,800 invoices and distribution records in .pdf and .xls formats.

The exposed data included sensitive information such as vendor contacts, emails, banking details, and internal support tickets. Fowler identified that these records belonged to Patties Foods Limited (PFL), known for producing a wide range of food products, including meat pies, pastries, and frozen fruits.

Involvement of Provenio.ai

Documents revealed that Provenio.ai, a service provider for AI-powered supply chain productivity, controlled the IP address managing the exposed databases. Upon discovering the breach, Fowler sent a responsible disclosure notice to Provenio. The company swiftly restricted public access to the databases and began an investigation into the exposure, which was suspected to result from human error during a patch update.

A Provenio representative responded promptly, confirming that they were addressing the issue and investigating the cause. How long the databases were exposed, and whether anyone else accessed them, remains unknown pending an internal forensic audit.

The breach exposed valuable information that could be exploited by criminals, including detailed vendor, contact, banking, and invoice information. This data poses significant risks if used maliciously.

Patties Foods Limited, founded in 1966, is one of Australia’s leading manufacturers and suppliers of various edible products.