https://twitter.com/xxdesmus/status/1169284464830103552
https://twitter.com/xxdesmus/status/1169284464830103552
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Glynk joins the growing list of organizations in 2019 that have left Elasticsearch servers unprotected, thus leaving sensitive information exposed and vulnerable to potential use and abuse by cyber criminals. The 2.2 billion rows of data exposed in this leak include usernames, email addresses and users’ IP addresses they used to access the app. Additionally, the exposed database was leaking raw production SQL statements, which could provide an attacker with enough information to map out the structure of Glynk’s database.
While the database has now been secured, the data it contained was potentially exposed for months, opening up opportunities for bad actors to discover the massive trove of data and launch sophisticated phishing or brute force campaigns. To honor the trust of app users and customers, and prevent companies from being subjected to significant fines and related costs, organizations must be diligent in ensuring their data is protected with proper security controls. Automated cloud security solutions can grant organizations the ability to detect misconfigurations and alert the appropriate personnel to correct the issue, or even trigger automated remediation in real-time, so that Elasticsearch databases and other assets never have the opportunity to be exposed, even temporarily.
Up to a million people are at an increased risk of phishing attacks thanks to Glynk’s leak of 2.2 billion rows of data, which exposed usernames and email addresses as well as the IP addresses from which users accessed the Android app. Modern phishing attackers use data like this, in combination with shockingly effective impersonations of people and brands trusted by their targets, leading to account takeover, identity theft and other scams. This incident further highlights the need for companies to protect personal information — including email addresses — to prevent cyber criminals from gaining their next victim.