Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners

Key Points:

• Pax8 accidentally exposed internal business information of approximately 1,800 MSP partners through an email sent to fewer than 40 recipients, including customer organization names and Microsoft licensing data.
• The incident could lead to competitive targeting by rival MSPs and increase the risk of phishing and extortion attempts by cybercriminals, as the leaked data reveals sensitive business information.
• Pax8 has contacted affected partners to request deletion of the email and is conducting an internal review to prevent future occurrences.

Technical Details: The exposed spreadsheet contained over 56,000 entries with fields such as customer organization names, Microsoft SKUs, license counts, and renewal dates. Although the data did not include personally identifiable information, it poses significant risks for targeted attacks.

MITRE ATT&CK Techniques: None mentioned

IOCs Mentioned: None mentioned