Details on over 350,000 SSL247 customers exposed due to misconfigured AWS bucket

Another week, another misconfigured AWS S3 bucket: security researchers have discovered one exposing sensitive files related to SSL247, a reseller of internet security products. The leaky database exposed the personal information of up to 350,000 customers (150 GB) who made purchases through SSL247 between 2012 and 2020. The data breach affected customers in South America, the Middle East, North America, Europe, and Africa.

Expert Comments

August 28, 2020
Mark Bower
Senior Vice President
comforte AG
The cloud itself represents the ultimate 3rd party risk, and minimum viable compliance is proven yet again to be nowhere close enough to minimum viable security. The twist is that the shared responsibility model for the cloud puts 100% of the responsibility on the data owner when they are responsible to secure, configure, and control the cloud they are using. This is a classic and preventable case of breakdown - assuming the cloud’s controls are in place or sufficient, and illustrating the weak reliance on checklists and humans to enforce them. So many organizations rely on risk assessments instead of hard, proven controls like encryption and tokenization of data. The former may meet a policy, but only the latter will stop data theft when misconfiguration, attack, or error leaves data exposed.