Dark Web News Analysis
Dark web news sources report a critical data breach involving Insightsoftware, a major provider of financial reporting and enterprise performance management solutions. A threat actor on a hacker forum is claiming to have leaked the source code for the company’s flagship product, Insightsoftware Atlas.
The breach allegedly occurred in September 2025, but the data has recently surfaced for potential distribution. Atlas is a widely used Excel-based reporting tool deeply integrated with Microsoft Dynamics AX and Dynamics 365. The leak of its source code represents a “Crown Jewel” compromise, potentially exposing the proprietary logic used by thousands of finance teams globally to handle sensitive ERP data.
Key Cybersecurity Insights
Breaches of financial software vendors are particularly dangerous because they act as a bridge to the core financial systems (ERPs) of their customers:
- Supply Chain “Zero-Day” Risk: The primary threat is the discovery of Zero-Day Vulnerabilities. With the full source code, attackers can analyze the software for unpatched security flaws—such as SQL injection points or authorization bypasses—that they can then exploit against any company using Atlas.
- Hardcoded Secrets: Developers often leave API Keys, Encryption Certificates, or Service Account Credentials embedded in source code repositories. If these are present, attackers could potentially decrypt sensitive financial reports or gain unauthorized access to the cloud backend supporting the Atlas service.
- Malicious “Add-in” Development: Since Atlas operates as an Excel add-in, sophisticated attackers could use the source code to build identical-looking but malicious versions of the tool. These “Trojanized” add-ins could be distributed to finance departments to silently exfiltrate balance sheets and payroll data directly from Excel.
- ERP Pivot: Because Atlas requires deep permissions within Microsoft Dynamics, a compromised Atlas instance could serve as a pivot point for attackers to move laterally into a company’s main ERP system, where they can manipulate wire transfers or vendor payments.
Mitigation Strategies
To protect financial infrastructure and ERP integrity, the following strategies are recommended:
- Update & Patch: Insightsoftware customers must stay alert for emergency security patches. If a vulnerability is found in the leaked code, the vendor will likely release a hotfix immediately. Apply it without delay.
- Network Segmentation: Restrict the Atlas application’s ability to communicate with the open internet. Ensure it can only talk to the specific ERP servers it needs to access.
- Activity Monitoring: Audit logs for the service accounts used by Atlas within Microsoft Dynamics. Look for any unusual queries or data exports that do not match standard reporting schedules.
- Vendor Communication: Customers should demand transparency from Insightsoftware regarding whether any hardcoded credentials (such as global API keys) were included in the leak and if they have been rotated.
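One way to run the Activity Monitoring check above, as an added example that is not from the original article, Insightsoftware or Microsoft. The log columns, the `svc_atlas` account name and the weekday 07:00-19:00 reporting window are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime
from statistics import median

# Constructed sample export. The columns are hypothetical, not a real
# Dynamics audit-log schema; map your own export onto them.
SAMPLE_LOG = """\
timestamp,account,action,rows
2025-10-06T08:05:00,svc_atlas,query,1200
2025-10-07T09:30:00,svc_atlas,query,900
2025-10-08T14:10:00,svc_atlas,export,1500
2025-10-09T02:47:00,svc_atlas,export,250000
2025-10-10T10:00:00,svc_atlas,query,1100
2025-10-10T10:05:00,jdoe,query,999999
2025-10-11T11:15:00,svc_atlas,query,1000
"""

# Assumed reporting schedule: Monday-Friday, 07:00 up to 19:00 local time.
REPORT_HOURS = (7, 19)


def flag_events(log_text, account="svc_atlas", hours=REPORT_HOURS, factor=5):
    """Return (timestamp, reasons) for service-account events that fall
    outside the reporting schedule or far exceed the usual row volume."""
    events = [r for r in csv.DictReader(io.StringIO(log_text))
              if r["account"] == account]
    if not events:
        return []
    # Median is used as the baseline so one large export cannot hide itself.
    # In production, compute it from a known-good historical period instead.
    baseline = median(int(r["rows"]) for r in events)
    findings = []
    for r in events:
        ts = datetime.fromisoformat(r["timestamp"])
        reasons = []
        if ts.weekday() >= 5 or not hours[0] <= ts.hour < hours[1]:
            reasons.append("outside reporting schedule")
        if int(r["rows"]) > factor * baseline:
            reasons.append("volume above baseline")
        if reasons:
            findings.append((r["timestamp"], reasons))
    return findings


if __name__ == "__main__":
    for ts, reasons in flag_events(SAMPLE_LOG):
        print(ts, "; ".join(reasons))
```
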
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com