We have learned from public disclosures that, there are millions, if not billions of sensitive, private, confidential, and even secret data object offering unfettered accessibility on the Internet, which are open for anyone with a modicum of OSINT skill to discover, view, download, and where applicable abuse to their own deviant end.
Examples which, I can attest from first-hand research in April 2018 place such object in in the following categories:
- Company related information
- Sensitive inter-organisation memorandum
- Person family images
- Personal relationship images
All of which I would assume are subject to access control restrictions, but which are clearly open for ‘anyone’ to access by utilisation of the most basic of Google Analytics command line instructions!
I have no intention here of adding to the problem, and teaching any uninformed user how to do this – the only message I wish to convey is, insecurity of such data sitting on ISP File Servers (and others) as well as on those smart Internet connected smart devicies can be very, very insecure – and as such, all users need to confirm the level of security applied to any such personal or company data object prior to them being posted onto, what may be considered a secure logical location.