Sonrai Security website logo for identity and data governance and cloud security

Exposed Database Leads to 425gb in Latest Data Breach

Author: Sonrai Security Marketing | Date: March 18, 2020
Read Time: 2 minutes
Skill Level: Technical
Skill Level: Technical
Data breach

It was recently discovered that a database containing just over 500,000 sensitive records equalling 425gb of data was breached. These sensitive records were directly linked to a cash advance app that provides high interest, short term loans and credit advances to small businesses. The data included sensitive information such as, tax returns, bank statements, scanned bank checks, bank account access information, drivers licenses, social security numbers, and more.

The cause of the breach was determined after a third party investigation and appeared to be an exposed S3 bucket. This particular S3 bucket was completely unencrypted, not even a password to protect its contents. After discovering the breach a third-party service attempted to contact the company but received no response. After not hearing back AWS was contacted who shut down the S3 bucket immediately.

This seems to be a case of both negligence and a simple S3 misconfiguration. S3 bucket misconfigurations are a common cause of data breaches in today's world. Securing S3 buckets is not difficult, as they come with their own encryption methods built in. Data security is a serious business and dealing with records as sensitive as the ones in this breach requires careful planning.

Companies should always encrypt and password protect their S3 buckets and/or storage containers. Protocols and contingencies need to be put in place to safeguard the data in the event of an accident occurring. Common accidents are backing up data and restoring it, and forgetting to password protect the new data set. Accidentally leaking a private S3 bucket to a public cloud. Not securing individual access to certain secure S3 buckets. These all factor into the realm of human error and human error while unstoppable can be mitigated.

Monitoring access of authorized and unauthorized identities, educating employees, and following careful procedures when working in the cloud, and procuring proper services and tools are all steps that can be taken to reduce the risk of a data breach. Always find the right tools to help protect your environment.

Learn more about this cloud security data breach from ZDNet.

You Might Also Like

Cloud Complexities Create Chaos

According to industry analyst, Forrester, the public cloud market is growing at an astonishing rate, appr[...]

Read More

Identities Are The New Perimeter For Securing Data In Public Cloud

Powerful identity and access management (IAM) models of public cloud providers like AWS, Microsoft Azure, and Googl[...]

Read More

Data Breach Is Result Of A Failed Cloud Security Strategy

In mid January 2020, one of the largest hotel conglomerates in the world experienced a massive data breach. Over 5.[...]

Read More