We discovered an unsecured database with references to New York based Syrasoft and storage unit information. We immediately contacted Syrasoft with our findings and the database was closed to public access shortly after our responsible disclosure notice. We did not see any indication that the data was test or dummy data and were able to validate several individuals with unique names to what appeared to be real people. It appears that there was a Syrasoft data leak or Syrasoft data breach.
“Syrasoft’s cutting-edge self storage technology is built by independent self storage owners and operators with decades of experience standing behind every product and service. As a result of this unrivaled expertise, Syrasoft’s self storage software, and website services are maximizing profits and enhancing efficiency at thousands of facilities around the globe, today”.
Here is what the publicly exposed records looked like.
Example of a full Credit Card number in plain text exposed in internal comments.
It is unclear if customers or authorities were informed of the exposure or who else may have had access to these records. We imply no wrongdoing or that customers were at risk and only publish our findings for educational and information purposes.