Hacked in Plain Sight: How Vulnerable is Your Online Brand?

By: Ganesan D 26 Jun 2025 Category: Cyber Threats

With the increasing adoption of cloud services, many cloud storage configurations can be set to public, accidentally or intentionally, revealing confidential internal information. Worldwide, more than 11.6 billion files from organizations are publicly available.

We have seen public files containing personal data of employees, their passwords, and even maps of facilities containing locations of critical business assets such as Operational Technology (OT) and server rooms. These files can be found with a method called Google dorking. Even if a file doesn’t contain any sensitive information, its metadata could reveal the name of the person who edited it and their location.

In addition, the job ads you post online may reveal the technology you use – useful information for adversaries to tailor their exploit.

Also, promotional photos or videos of your offices or factories could reveal sensitive information such as OT, software, or your facility’s physical security measures.

Social Media

A very valuable social media platform for adversaries is LinkedIn, as employees use it to share their job positions and experiences. Such information can reveal organizational structures, personal information to be used for phishing, and technologies used within the organization as described in the work experience section of employee profiles.

Leaked/Stolen Information

Third-party platforms used by your employees or your organization may have already experienced a data breach involving user credentials. When sites like haveibeenpwned.com obtain these leaked credentials, adversaries can check your employees’ email addresses to see if their passwords have been compromised. If the password is similar to the password they use within your organization, adversaries can gain an initial foothold.

Other unusual sources are 'pastebin' sites, which host plain text that users have pasted to share large texts. Such sites may also contain breached data such as credentials and other sensitive information obtained by adversaries.

Finally, credentials from breaches, unknown vulnerabilities, and exploits for software you use could also be sold on the dark web.

Network and Subdomain Search Engines

Furthermore, sites like shodan.io and censys.com index IP addresses of devices such as routers, webcams, servers, and even OT systems connected to the open internet and scan for software versions on their open ports. This information can be exploited to gain initial access.

Another way to find hidden networked resources is via domain name enumeration. Your organization most likely owns a domain name and has probably created many forgotten subdomains such as 'blog.yourdomain.com'. Systems hosting these subdomains could have vulnerabilities that can be leveraged by adversaries to move laterally or escalate to higher domains.

Recommendations

To minimize the impact of adversaries exploiting information or system vulnerabilities found with OSINT, we recommend that you:

  • Ensure you have clear internal policies on what information can be publicly shared and include it in regular training.
  • Make sure that anything that is publicly accessible is free of sensitive or critical information, including metadata. Use Data Loss Prevention (DLP) policies or a CMS that strips sensitive data before publishing.
  • Use services such as Red Team exercises, Cyber Due Diligence, and Internet Footprint Analysis from third parties such as our Cyber Defense Services.
  • Ensure that robust Cyber Threat Intelligence (CTI) and organization-specific processes and solutions are in place to receive early notifications about possible exposure of sensitive information and attacks against the organization.
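
The metadata point in the second recommendation, shown as an added example that is not part of the original article: a pre-publish check that reports and blanks the author fields in an Office Open XML file (.docx, .xlsx, .pptx). The function names and the sample document are constructed for illustration, and the check covers only the `docProps/core.xml` part, not comments or tracked changes.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CORE = "docProps/core.xml"  # core-properties part of an OOXML package
NS = {"cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
      "dc": "http://purl.org/dc/elements/1.1/", "dcterms": "http://purl.org/dc/terms/"}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)  # keep the usual prefixes when re-serialising
PERSON_FIELDS = ("dc:creator", "cp:lastModifiedBy")  # fields that name people


def find_author_metadata(data: bytes) -> dict:
    """Return the non-empty person fields found in the file's core properties."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if CORE not in zf.namelist():
            return {}
        root = ET.fromstring(zf.read(CORE))
    hits = {name: (root.findtext(name, "", NS) or "").strip() for name in PERSON_FIELDS}
    return {name: value for name, value in hits.items() if value}


def strip_author_metadata(data: bytes) -> bytes:
    """Copy the archive, blanking the person fields; other parts are copied as-is."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            payload = src.read(item.filename)
            if item.filename == CORE:
                root = ET.fromstring(payload)
                for name in PERSON_FIELDS:
                    for el in root.findall(name, NS):
                        el.text = ""
                payload = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(item.filename, payload)
    return out.getvalue()


def make_sample_docx() -> bytes:
    """Constructed sample: a minimal archive laid out like a .docx, with made-up names."""
    core = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
            "<dc:creator>Jane Example</dc:creator>"
            "<cp:lastModifiedBy>John Example</cp:lastModifiedBy></cp:coreProperties>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CORE, core)
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()
```

A publishing pipeline could refuse any upload for which `find_author_metadata` returns a non-empty result, or pass the file through `strip_author_metadata` first.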

Conclusion

In short, adversaries can discover a great portion of your attack surface by combining a wide variety of OSINT sources. Determining what sensitive information is accessible and how to contain it, creating security policies, implementing data classification, DLP, CTI, and other safeguards are daunting tasks. If your organization does not have the in-house expertise or capacity to adequately address these critical measures, feel free to catch us for a coffee at our office in UAE or just reach out via the contact buttons on the right.
