The target: Investment Management firm BlackRock.
The take: Three separate spreadsheets, containing names, e-mail addresses, and assets invested in iShares ETFs for about 20,000 financial advisers.
The attack vector: The spreadsheets were accidentally made publicly available on the firm’s website for more than a month, prompting concerns that if harvested, the data could be a goldmine for phishing campaigns and targeted attacks.