When you buy a Sony, Lexar, or Sandisk USB key or any other storage device, it comes with an encryption solution to keep your data safe. The software is developed by a third-party vendor – ENC Security.
Netherlands-based company with 12 million users worldwide provides “military-grade data protection” solutions with its popular DataVault encryption software.
As it turns out, ENC Security had been leaking its configuration and certificate files for more than a year, the Cybernews research team discovered.
“The data that was leaking for over a year is nothing less than a goldmine for threat actors,” Cybernews researcher Martynas Vareikis said.
The company said a misconfiguration by a third-party supplier caused the issue and fixed it immediately upon notification.
