OptimEyes.ai leak

May 9, 2023 Article 348 words 2 mins read

Creating a Single Source of Truth Using an AI-Powered Common Control Framework
OptimEyes ingests data from multiple risk sources to create an aggregated, near real-time enterprise wide view of risk. Our flexible solutions cover each client’s risk priorities, including cyber, data privacy, ESG and compliance risk.

Well shit, you homies just got owned and your source-code got leaked on 4chan, of all places. For a security-related company who claims to be, and I quote, “Creating a Single Source of Truth”, that’s a big L.

What is inside, you might ask? Well, luckily for all those “journalists” who will report about it, there is a readme file. Easy-mode!

meow :3 get fukkkkd ^v^

contents:
  - (almost?) all git repos
    - git credentials in git configs in case u find any other repo names
    - lots of config files with credentials n shit
  - s3 buckets containing:
    - customer network inventories + vuln scans
    - their genius ml models that couldnt prevent this attack
    - multiple database backups
    - sftp private keys
    - idk a shitton of other stuff

note: s3.optimeyes.ai sync is very incomplete

Size: 67GB
Magnet link:

magnet:?xt=urn:btih:03386cd3a22b094cd830853b6577a3197b55225f&dn=optimeyes%20dump%202023

Yeah, it’s really really bad.

jwt.secret=jwtOptimeyesaiSecretKey
aws.accessKeyId=AKIAXVF7DYV5MIQ7OOPW
aws.secretKey=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
aws.secretName =secretMYsqlAdminUser
aws.region =us-west-2

##### AWS ACCESS CONFIG #####
gkz.aws.access_key_id=AKIAXVF7DYV5LPKYITP4
gkz.aws.secret_access_key=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
gkz.s3.bucket=s3.optimeyes.ai
gkz.s3.region=us-west-2

String ACCESS_KEY = "AKIAXVF7DYV5LCMAMG67";
String SECRET_ACCESS_KEY = "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";
credentials = new BasicAWSCredentials(ACCESS_KEY, SECRET_ACCESS_KEY);
amazonS3Client = new AmazonS3Client(credentials);

boot.admin.client.username: admin
boot.admin.client.password: OpenSpace

[remote "origin"]
  url = https://karanopti:ATBBvM5rnUMkcyW66JTymb8pSSTpA4373467@bitbucket.org/PramodNayak123/eureka-admin.git
  fetch = +refs/heads/*:refs/remotes/origin/*

Looks like a legit and complete source code leak of all OptimEyes components. My professional security assessment is that a rebrand is in order, as soon as possible.

Complete listing:

|-- git
|   |-- account-assessment-services.zip
|   |-- apigateway.zip
|   |-- apitest_itrisk.zip
|   |-- archer-service.zip
|   |-- audittrailapi.zip
|   |-- automation-scripts.zip
|   |-- ccf-service.zip
|   |-- commonconfigapi.zip
|   |-- cyber-services.zip
|   |-- emailapi.zip
|   |-- eureka-admin.zip
|   |-- eureka_server.zip
|   |-- it_risk_service.zip
|   |-- optimeyes_ms_ajs.zip
|   |-- privacy_service.zip
|   |-- rbacservice.zip
|   |-- subscriptionapi.zip
|   |-- subsidiary_service.zip
|   |-- user_management.zip
|-- readme
`-- s3-buckets
    |-- aiml.optimeyes.ai.zip
    |-- altria-qualys-data.zip
    |-- grainger-rapid7-data.zip
    |-- optimeyes-backup.zip
    |-- optimeyes-cft.zip
    |-- s3.optimeyes.ai.zip
    |-- sftp.bucket.optimeyes.ai.zip
    `-- sftp.optimeyes.ai.zip

Enjoy!

author sizeof(cat)

created May 9, 2023

tags #leaks, #optimeyes, #security