FormGet Security Lapse Exposed Thousands Of Sensitive User-Uploaded Docs

Online form maker FormGet, which allows its 43,000 customers to create online forms so that others can submit resumes, apply for jobs, provide proof of address or employment, buy goods online, etc., left one of its cloud storage servers online and exposed without a password. The storage bucket, which FormGet pulled offline last night, was packed with hundreds of thousands of files and documents.

Ilia Kolochenko, Founder and CEO
InfoSec Expert
July 29, 2019 10:45 am

“The problem of misconfigured cloud storage is often exacerbated by trusted third parties. Most modern businesses have a legitimate need to share their data with diverse vendors, for example, to grow sales and increase profits via external analytics and forecasting capabilities. Vendors may often prioritize performance over data protection to survive in a highly competitive global market. Although most companies do have a vendor risk management policy, few are properly enforced and even fewer are being continuously monitored for non-compliance. Consequently, your data may suddenly land at the most unexpected place, exposing your company to severe regulatory penalties and a great wealth of other legal ramifications.”

Information Security Buzz