Expert insight: Ethical hackers find 350 million exposed email addresses

White hat hackers at CyberNews recently discovered 350 million exposed email addresses on an unsecured server; the addresses were likely to have been either stolen or acquired back in October 2018. This unsecured bucket of data was hosted on an Amazon S3 server and was exposed for around 18 months in total before Amazon shut it down in June. CyberNews says it is unclear whether malicious actors accessed the data; however, anyone who knew it was there could have downloaded the files.

Expert Comments

August 13, 2020
Joe Moles
vice president of customer security operations
Red Canary
Unsecured servers containing databases with large swaths of email addresses can be a tremendous resource for any adversary, whether they’re conducting an indiscriminate spam campaign or a targeted spear-phishing attack. While there isn't any indication that these email addresses were ever exposed to an adversary, organizations can protect themselves from possible threats by shoring up email filters and implementing or improving employee security awareness training. Additionally, given increased reliance on cloud hosted systems and decentralized systems, it is incredibly important that IT and security teams educate themselves on the various access control settings for the cloud services they use. At the end of the day this is a symptom of immature IT hygiene. Most of this risk can be reduced through maturing processes to better track configuration, inventory, etc. Simply put: better security through better IT.
August 13, 2020
Casey Kraus
President of Cloud Security Management Provider
Senserva
This breach is somewhat different than those in recent news. There has been a good number of stories on how bad actors infiltrate environments by exploiting misconfigured user accounts. Here with the Amazon S3 bucket, this was a misconfiguration on the AWS server itself. This is another example of a cyber security gap despite the increased investment in security. The technology is outpacing the ability to effectively manage all aspects of the new cloud reality. User security and the idea of enforcing least privilege doesn't help an organization if they are not securing the other objects in their environment.
August 13, 2020
Lamar Bailey
Senior Director of Security Research
Tripwire
Leaving an AWS S3 storage bucket open to the public is essentially the same as leaving a database open on the Internet. Organisations put in place basic protections for databases of sensitive data, and they need to do the same with data stored on AWS. Criminals have now had years to develop tools to find these open repositories of monetizable data, so the likelihood of real damage exists now more than ever. Start by understanding where your data is, then by making sure those systems are configured to protect it. Monitor those configurations for change to ensure the data isn’t exposed in the future.
August 13, 2020
Martin Jartelius
CSO
Outpost24
It is important to differentiate between signal and noise when it comes to alerts. The fact that you have an email, and what that email is, is something that you continually share when using the Internet. This is also the reason you receive substantial amounts of spam and direct marketing. Comparing this to, for example, the Yahoo breach where we are talking about accounts, leading to potential credentials breach, and on the other hand, this case - a “breach” where emails constitute a means of contacting someone or at worst their username, is an incorrect parallel to draw. The main risk here is that the individuals concerned will receive more unwanted emails. No more, no less. As a collective, the security industry has a bad habit of making something benign sound worse than it is, making it hard for those with less insight to focus their efforts. This is clearly such a case, where we can even see recommendations such as changing passwords even though no passwords have been leaked, at least based on what is detailed in the disclosure.
