Rallyhood Exposed A Decade Of Users’ Private Data – Expert’s Comment

TechCrunch has reported that Rallyhood, the social network designed to help groups communicate and coordinate, left one of its cloud storage buckets containing user data open and exposed. The bucket, hosted on Amazon Web Services (AWS), was not protected with a password, allowing anyone who knew the easily-guessable web address access to a decade’s worth of user files.

Tim Erlin, VP of Product Management and Strategy
InfoSec Expert
February 26, 2020 5:56 am

Leaving an AWS S3 storage bucket open to the public is essentially the same as leaving a database open on the Internet. Organizations should put in place basic protections for databases of sensitive data, and they need to do the same with data stored on AWS. Criminals have now had years to develop tools to find these open repositories of monetisable data, so the likelihood of real damage exists now more than ever. Start by understanding where your data is, then by making sure those systems are configured to protect it. Monitor those configurations for change to ensure the data isn’t exposed in the future.

Last edited 2 years ago by Tim Erlin