Last updated 1 month ago
An unnamed finance company exposed database credentials by storing them in an Excel spreadsheet protected only with a weak password. The breach was disclosed in a PWNED column on 2026-04-30, but the discovery date is not specified. No record count or affected user population is provided.
The attack vector was a misconfiguration: the company placed sensitive database credentials in a file with inadequate protection, making them vulnerable to unauthorized access. The exact exploitation method is not detailed, but the weak password protection suggests credential cracking or bypass. No threat actor is attributed, and no specific CVEs or MITRE ATT&CK techniques are mentioned.
No post-incident details are available in the article regarding regulatory actions, litigation, ransom payments, or remediation milestones.
Sensitive database credentials stored in a weakly password-protected Excel spreadsheet
This breach underscores the critical failure of storing sensitive credentials in weakly protected spreadsheets. The finance company should have enforced strong encryption and access controls for credential storage, and implemented a policy against storing secrets in easily accessible documents.
Sign in to join the discussion.
Company
Industry
Disclosed
Records Affected
Attack Vector
Industry
Attack Vector