Syrasoft Data Breach Customer Information and Credit Card Data Exposed Online

Logging records are a ripe source for sensitive exposures.

We discovered an unsecured database with references to New York based Syrasoft and storage unit information. We immediately contacted Syrasoft with our findings and the database was closed to public access shortly after our responsible disclosure notice. We did not see any indication that the data was test or dummy data and were able to validate several individuals with unique names to what appeared to be real people. It appears that there was a Syrasoft data leak or Syrasoft data breach.

What was discovered:

• Total Records: 526,613

• Internal Migration and records dating back to 2005 that include names, DOB, email addresses, physical addresses, phone numbers, partial credit card numbers, hashed driver’s license, detailed account, auction, and collections notes. These individuals could potentially be targeted for spam or social engineering scams.

According to their website Syrasoft offers Self Storage Software Excellence

“Syrasoft’s cutting-edge self storage technology is built by independent self storage owners and operators with decades of experience standing behind every product and service. As a result of this unrivaled expertise, Syrasoft’s self storage software, and website services are maximizing profits and enhancing efficiency at thousands of facilities around the globe, today”.

Here is what the publicly exposed records looked like.

Example of a full Credit Card number in plain text exposed in internal comments.

It is unclear if customers or authorities were informed of the exposure or who else may have had access to these records. We imply no wrongdoing or that customers were at risk and only publish our findings for educational and information purposes.