A server security lapse has exposed a massive database of customer information belonging to Rubrik, an IT security and cloud data management giant. The exposed server wasn’t protected with a password, allowing access to anyone who knew where to find the server.
The database itself, running on a hosted Amazon Elasticsearch server, was storing tens of gigabytes of data, including customer names, contact information and case work for each corporate customer.
— The Stack (@StackTime) January 30, 2019
Expert Comments below:
Rich Campagna, CMO at Bitglass:
“It does not take much effort for outsiders to find unsecured databases and access sensitive information these days. This breach is a classic example of a simple security mistake resulting in massive amounts of customer data being exposed. Exposing this number of records to the public internet is a significant offence by the organisation and one that we’ve seen dozens of times in the past year, yet it is unlikely that we’ll see anything change unless organisations take the initiative in protecting corporate data. Leaving a server publicly accessible is simply unacceptable. Even smaller companies with limited IT resources must ensure that they are properly securing data. Companies must realise that the implications of failing to invest in their own cybersecurity readiness are widespread, posing major threats to data security, data subject wellbeing, regulatory compliance, and brand reputation.”