It has been reported that, led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database belonging to American software company RigUp, containing more than 70,000 private files belonging to its US energy sector clients.
RigUp, founded in 2014, is a labor marketplace and services provider built for the US energy sector, with clients across the country. According to the report, since 2014, RigUp has grown to provide additional services covering many aspects of energy company operations and is now considered the largest online marketplace and labor provider in the US energy sector, and in 2019 secured $300 million of investment, based on a $1.9 billion valuation.
The highest profile data breaches in the last couple of years have been from misconfigured cloud storage. These are not generally targeted attacks, but opportunistic, and exposing data doesn’t necessarily mean that it was compromised. Regardless of whether data was compromised or not, however, the type of data that was left exposed is particularly sensitive and makes this leak an example of why it is so crucial to set the foundations of security right.
Organizations need to evaluate their own threat model to determine where to focus their security budget. Not every organization is the same, and you can’t apply a single threat model to all of them. In order to secure data stored in the cloud, you need to configure your cloud storage correctly, and you need to be able to detect when that configuration changes in a way that deviates from your established policy.