Rallyhood Exposed A Decade Of Users’ Private Data – Expert’s Comment

TechCrunch has reported that Rallyhood, the social network designed to help groups communicate and coordinate, left one of its cloud storage buckets containing user data open and exposed. The bucket, hosted on Amazon Web Services (AWS), was not protected with a password, allowing anyone who knew the easily-guessable web address access to a decade’s worth of user files.

Experts Comments

February 26, 2020
Tim Erlin
VP of Product Management and Strategy
Tripwire
Leaving an AWS S3 storage bucket open to the public is essentially the same as leaving a database open on the Internet. Organizations should put in place basic protections for databases of sensitive data, and they need to do the same with data stored on AWS. Criminals have now had years to develop tools to find these open repositories of monetisable data, so the likelihood of real damage exists now more than ever. Start by understanding where your data is, then by making sure those systems are configured to protect it. Monitor those configurations for change to ensure the data isn’t exposed in the future.