It has been reported that an unsecured database operated by the online retailer LightInTheBox left 1.3TB of data containing 1.6 billion shopper records exposed for a three-month period this year. VPNMentor, which discovered the breach, described it as a major lapse in LightInTheBox’s data security and as potentially devastating to the victims, exposing them not only to a cyberattack but potentially to a physical confrontation, as the data included enough clues to allow a malicious actor to discover their home address.
LightInTheBox Leaks Over 1TB of Customer Data https://t.co/0ig9YhAkjV
— Eleanor Dallaway (@EleanorDallaway) December 18, 2019
Cloud storage and databases make it very easy and convenient for companies to upload and store large quantities of data. But with great storage comes great responsibility – and users of such services need to familiarise themselves with the security settings to ensure these databases are adequately secured. This should be complemented with regular assurance tests to ensure settings have not changed, as well as monitoring controls that can alert where there is unauthorised access or unusual activity.
Until companies embed security through their staff and processes, we will continue to see errors in technology that will lead to such large breaches.
Not all breaches are the result of a malicious actor. A misconfiguration can be just as impactful as a successful attack.
Organizations must monitor their environments for misconfigured systems that expose sensitive data, and they must do so continuously. Misconfigurations that used to stay hidden behind layers of network defenses are increasingly being exposed to the Internet directly, causing a rise in exposed data.