Dark Web News Analysis
A threat actor on a known cybercrime forum is claiming to sell a database of 20,000 rows of data that they allege was stolen from Insightly, a popular Customer Relationship Management (CRM) platform. In a particularly alarming claim, the seller, who is asking $3,000 for the data, also purports to have active access to the CRM itself. A sample provided with the listing confirms the presence of user email addresses and related information.
This claim, if true, represents a critical supply chain security incident. A data breach at a major CRM provider like Insightly poses a direct and immediate threat to all of its business customers. The alleged sale of not just a static customer database but also live access to the CRM is far more dangerous. It would provide a malicious actor with a real-time window into a company’s sales operations, allowing them to steal new customer data as it’s entered and launch highly convincing fraud campaigns.
Key Cybersecurity Insights
This alleged data and access sale presents a critical supply chain threat:
- Severe Supply Chain Risk for All Insightly Clients: The primary danger from a breach at a CRM provider is the risk to its clients. The customer data stored within the CRM is often a company’s most valuable asset. A compromise of the platform means a compromise of all the businesses that rely on it.
- High Risk of “Live” Data Theft via CRM Access: The claim of having active CRM access is a major escalation. It suggests an ongoing, active compromise that would allow a malicious actor to monitor customer interactions, manipulate data, and exfiltrate new information in real time, making the threat dynamic and persistent.
- A Goldmine for Business Email Compromise (BEC): The data from a CRM, containing customer names, contact info, and potentially deal statuses, is the perfect raw material for launching sophisticated BEC and spear-phishing attacks. An attacker can impersonate a salesperson to a known client, referencing a real, ongoing deal, to commit invoice fraud.
Mitigation Strategies
In response to a supply chain threat of this nature, Insightly and its customers must take immediate action:
- Launch an Immediate Investigation by Insightly: Insightly’s highest priority must be to conduct an urgent and comprehensive forensic investigation to verify the claim’s authenticity, determine the scope of any potential data exposure, and identify the root cause of the breach.
- Activate Third-Party Risk Management for all Clients: Any business that uses Insightly as its CRM should immediately activate its third-party risk management and incident response plans. They must be on high alert for any unusual activity and prepare for the possibility that their customer data has been exposed, warranting proactive communication with their own clients.
- Mandate Credential Resets and Enforce MFA: Insightly should enforce an immediate password reset for all of its users. It is also critical that all Insightly customers enforce Multi-Factor Authentication (MFA) on their accounts to prevent takeovers, even if their password is known to an attacker.
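The “unusual activity” the second and third points ask customers to watch for can be made concrete with a few simple detections over the CRM’s own audit log: logins that did not complete MFA, logins from addresses never seen for that user, and bulk record reads or exports in a short window. The following is an added example written for this analysis; it is not Brinztech’s or Insightly’s code. The audit-event format, field names (ts, user, event, ip, mfa, count), the sample events and the per-user IP baseline are all constructed for illustration, and a real Insightly audit export would need its own parser.

```python
"""Added example (not Brinztech's or Insightly's code): flag the kinds of
"unusual activity" a CRM customer should watch for after a provider breach
claim. The log format and all sample data below are constructed."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events, one JSON object per line.
# Day 1 is normal use; day 2 shows an off-hours login without MFA from a
# new address followed by a bulk read and a full export.
SAMPLE_LOG = """\
{"ts":"2024-06-01T08:00:00Z","user":"alice@example.com","event":"login","ip":"203.0.113.10","mfa":true}
{"ts":"2024-06-01T08:05:00Z","user":"alice@example.com","event":"record.read","ip":"203.0.113.10","count":40}
{"ts":"2024-06-01T09:00:00Z","user":"bob@example.com","event":"login","ip":"198.51.100.7","mfa":true}
{"ts":"2024-06-01T09:10:00Z","user":"bob@example.com","event":"record.read","ip":"198.51.100.7","count":25}
{"ts":"2024-06-02T02:13:00Z","user":"bob@example.com","event":"login","ip":"192.0.2.99","mfa":false}
{"ts":"2024-06-02T02:15:00Z","user":"bob@example.com","event":"record.read","ip":"192.0.2.99","count":4000}
{"ts":"2024-06-02T02:20:00Z","user":"bob@example.com","event":"export","ip":"192.0.2.99","count":20000}
"""

# Constructed baseline: source addresses seen for each user during a clean period.
KNOWN_IPS = {
    "alice@example.com": {"203.0.113.10"},
    "bob@example.com": {"198.51.100.7"},
}

READ_THRESHOLD = 1000        # records read within one window before alerting
WINDOW = timedelta(hours=1)  # sliding window for the bulk-read check


def parse_events(text):
    """Parse newline-delimited JSON audit events and sort them by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, known_ips=KNOWN_IPS):
    """Return (finding, user, detail) tuples for the activity worth reviewing."""
    findings = []
    reads = defaultdict(list)  # user -> [(timestamp, record count)] inside WINDOW
    for ev in events:
        user, kind = ev["user"], ev["event"]
        if kind == "login":
            if not ev.get("mfa", False):
                findings.append(("login_without_mfa", user, ev["ip"]))
            if ev["ip"] not in known_ips.get(user, set()):
                findings.append(("login_from_new_ip", user, ev["ip"]))
        elif kind == "record.read":
            cutoff = ev["ts"] - WINDOW
            reads[user] = [(t, c) for t, c in reads[user] if t >= cutoff]
            reads[user].append((ev["ts"], ev["count"]))
            total = sum(c for _, c in reads[user])
            if total >= READ_THRESHOLD:
                findings.append(("bulk_read", user, total))
        elif kind == "export":
            # Any full export is worth a human look during an incident.
            findings.append(("export", user, ev["count"]))
    return findings


def run_sample():
    """Run the detections over the constructed sample log."""
    return detect(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

On the sample data, every finding lands on the day-2 session: a login without MFA from an address outside the baseline, a read burst well over the threshold, and a full export. The thresholds and the one-hour window are starting points; tune them against a clean period of your own tenant’s logs before treating hits as incidents.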
Secure Your Organization with Brinztech
As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com