Researchers at vpnMentor discovered the unsecured database hosted on AWS as part of a broader web mapping project and quickly traced it back to casino app Clubillion in March.
The online database, which was finally secured on April 5, was being updated with huge amounts of users’ personal information every single day, in the region of 200 million new records. The records included personally identifiable information (PII) such as emails, private messages, winnings and IP addresses.
According to Gartner, 99% of cloud security mishaps will continue to be a result of misconfigurations caused by human error through 2025. Cloud security is a shared responsibility between the cloud service provider and the organisation, but the onus is on the companies that use services like AWS to ensure that data storage buckets are configured correctly and are properly secured.
Sensitive and personally identifiable information (PII) should never be accessible by unauthorised parties, as this kind of information can enable identity theft and highly targeted spear-phishing campaigns. To safeguard customer data, organisations must have full visibility and control over their data in order to prevent breaches and leaks. This can be accomplished by employing advanced security solutions that remediate misconfigurations, enforce real-time access control, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent the leakage of sensitive information.