(C) ProPublica.
This unaltered story was originally published at ProPublica.org. [1]
Licensed under creative commons by-nc-nd/3.0 [2]
Cybersecurity Threat Advisory 0067-19: Data Leaks Due to Unsecured Cloud Environments
Author Name, ProPublica
2019-12-20 14:11:55+00:00
There have been numerous data leaks recently due to misconfigured cloud environments, most notably ElasticSearch and Amazon S3. Earlier this year, Gartner predicted that 95% of cloud security failures will be due to misconfigured clouds in 2020, and these exposures are indicators of that coming true. Be sure to review security best practices for all your cloud environments, especially Amazon S3 and ElasticSearch.
In the past week, there have been major data exposure incidents due to unsecured cloud-based databases. A security researcher, Bob Diachenko, discovered a large ElasticSearch database that had no password protection. This database contained a total of 2.7 billion email addresses, 1 billion of which included passwords in clear text. The emails that came with passwords were also confirmed to be part of a major data breach that occurred back in 2017, in which they were sold on the Dark Web. Diachenko reported the database and it was ultimately taken down, but the confidential information had been wide open to the public for at least a week. The rise in unsecured databases found by researchers is an indicator that threat actors are also accessing the same or similar information without authorization.
In another instance, 800,000 birth certificate applications were found online by researchers at Fidus Information Security. These applications were exposed by an unnamed company whose service is to supply individuals with copies of birth and death certificates. The applications were found on the Amazon Web Services cloud platform with no password protection. Anyone who could guess the URL was able to access these records, which contained personally identifiable information (PII). The highly sensitive material includes email addresses, phone numbers, birthdays, home addresses, historical data, and family member information. Because this personal data was so publicly accessible, its severity and exposure to attackers increase dramatically, which can cause serious damage for all individuals involved.
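As a starting point for the S3 review recommended above, the following added example (not part of the original advisory) flags bucket policy statements and ACL grants that allow reads by anyone. It assumes the policy is supplied as a JSON string and the ACL as a list of grants, the shapes returned by boto3's `get_bucket_policy` and `get_bucket_acl`; the function names and sample documents are constructed for illustration.

```python
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" or {"AWS": "*"} (also inside a list) matches any caller.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def public_findings(policy_json, acl_grants):
    """Return reasons the bucket is readable by anyone (or by any AWS account)."""
    findings = []
    policy = json.loads(policy_json) if policy_json else {}
    # NotPrincipal / NotAction statements are out of scope for this check.
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a in ("*", "s3:*") or a.startswith(("s3:get", "s3:list")) for a in actions):
            continue
        # A Condition (source IP, VPC endpoint, ...) may narrow access: review by hand.
        kind = "conditional" if stmt.get("Condition") else "public"
        findings.append(f"policy:{kind}:{stmt.get('Sid', 'no-sid')}")
    for grant in acl_grants:
        uri = grant.get("Grantee", {}).get("URI")
        if uri in (ALL_USERS, AUTH_USERS) and grant.get("Permission") in ("READ", "FULL_CONTROL"):
            findings.append(f"acl:{uri.rsplit('/', 1)[-1]}:{grant['Permission']}")
    return findings

# Constructed sample documents (not taken from any real bucket).
LEAKY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
LOCKED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
LEAKY_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
OWNER_ACL = [{"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
              "Permission": "FULL_CONTROL"}]

if __name__ == "__main__":
    print(public_findings(LEAKY_POLICY, LEAKY_ACL))
```

An empty result does not prove a bucket is private; account-level and bucket-level Block Public Access settings and object ACLs should be reviewed as well.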
[1] URL: https://getskout.com/cybersecurity-threat-advisory-0067-19-data-leaks-due-to-unsecured-cloud-environments/
[2] URL: https://creativecommons.org/licenses/by-nc-nd/3.0/us/