Fortum Poland Has Exposed Its Customer’S Database And Confirms Unauthorized Access

Fortum Poland, a wing of the Finnish state-owned energy company, has leaked 3,376,912 records of its customers that contained personally identifiable information. The database was left exposed online without any protection and found by a security researcher named Bob Diachenko .

He discovered this open database, which was part of a cloud setup from either company or its contractors, on April 15th. The company sealed off the database immediately after being contacted by Diachenko but confirms unauthorized access.

Fortum Poland Has Exposed Its Customer’s Database and Confirms Unauthorized Access

Found – Informed – Secured

Fortum Poland is a Finland’s state-owned energy company that’s having CHP plants over 800km area, and serving over 100,000 clients in Plock, Wroclaw, Czestochowa, Zabrze, etc. areas. The company is an active producer of electricity and gas to both individuals and corporates. On April 15th this year, an Elasticsearch scan by Bob Diachenko found a database containing millions of records of Fortum’s customers. The exact records count is of 3,376,912.

Bob Diachenko says that a number of servers that store such sensitive databases are hosted online improperly. System admins should secure those servers with passwords and other encryption protocols to safeguard their databases.