App Developers Left 540 Million Facebook Users’ Records on the Public Internet

The exposures didn’t come from Facebook itself, but do show how data generated by one company can end up exposed thanks to another service. Continue reading App Developers Left 540 Million Facebook Users’ Records on the Public Internet

Hundreds of thousands of voter records found exposed on misconfigured server: report

Yet another misconfigured Amazon S3 bucket has exposed the sensitive information of unsuspecting people. This time, hundreds of thousands of voters’ information was left open for the taking by a Virginia robocalling firm called Robocent, according to Bob Diachenko, a security researcher at cybersecurity firm Kromtech. Diachenko wrote in a LinkedIn blog post Wednesday that he discovered a trove of about 26,000 files, including audio files with pre-recorded political messages and spreadsheets containing voter information, in the leaky server. The voter data, according to Diachenko, includes names, phone numbers, addresses, political affiliations, birth dates, genders, jurisdictions and some demographic information. The Robocent files were accessible to anyone who did a specialized web search for “voters,” said Diachenko. By the time it was identified by Kromtech, the server had already been indexed by GrayhatWarfare, another website that scans the internet for open S3 buckets. Diachenko says he disclosed the finding to Robocent […]

The post Hundreds of thousands of voter records found exposed on misconfigured server: report appeared first on Cyberscoop.

Continue reading Hundreds of thousands of voter records found exposed on misconfigured server: report

GDPR will change how companies work with cloud providers

One of the bigger stipulations in GDPR is that third-party service providers, including companies who run the ever-ubiquitous cloud, will also be responsible for following the correct protocols when it comes to protecting EU citizen data. Yet just as companies keep throwing everything into the cloud, we are seeing errors in the way they safeguard personally identifiable data. If you have been following the work of Chris Vickery, you know how easily these errors can be found. Vickery, ‎director of cyber risk research for California-based Upguard, has been finding misconfigured cloud instances all over the internet. Just in the past year, Vickery identified these openly discoverable instances associated with a Florida credit monitoring firm, media behemoth Viacom, and even at the Department of Defense. Each finding had enough PII to keep privacy officers sleepless for weeks. While they were all based in America, Vickery recently came across a similar breach at French marketing firm Octoly, which caters […]

The post GDPR will change how companies work with cloud providers appeared first on Cyberscoop.

Continue reading GDPR will change how companies work with cloud providers

AWS Makes Permissions Check Feature Free to Prevent S3 Bucket Breaches

Amazon Web Services (AWS) has made its Permissions Check feature freely available to help customers prevent an S3 bucket breach. On 20 February, Amazon made the announcement in a news update: AWS Trusted Advisor now helps all customers better secure th… Continue reading AWS Makes Permissions Check Feature Free to Prevent S3 Bucket Breaches

Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data

An analysis of Amazon Web Services storage containers reveals troubling trend of misconfigured S3 buckets that leak data. Continue reading Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data