Personal Details of 1M Dating App Customers Leaked – Security expert comments

Breaches at five dating apps, reported over the weekend, leaked personal information (PI) on more than 1 million users. The leaks were attributed to misconfigurations of various servers: Amazon buckets, ElasticSearch, and MongoDB.

Expert Comments

July 07, 2020
Casey Kraus
President of Cloud Security Management Provider
Senserva
Companies that store their data in cloud environments need to have misconfigurations be the focus of the security conversation. There is always a shared responsibility for security between the cloud provider and the company. Failure to ensure that your environment is secure will continue to put your company and your client's information at risk. It is said that 99% of data breaches in cloud environments happen due to customer misconfiguration, mismanagement, or mistakes.
July 07, 2020
Colin Bastable
CEO
Lucy Security
ElasticSearch databases are probably the primary sources of data leaks, because of misconfigurations when set up. For example, the front end UI is often secured with authentication, but admins forget that the default port 9200 is also visible and accessible online, meaning that unprotected ElasticSearch databases can leak data via the backdoor. Having built the database, the developers probably forgot all about patching it, focusing on the front end’s ease-of-use to drive user engagement and subscriber growth. Or perhaps the original architect is no longer employed. Regardless – they dropped the ball.