Personal Details of 1M Dating App Customers Leaked – Security expert comments

It was reported over the weekend that breaches occurred in five dating apps, leaking PI on more than 1 million users, attributed to misconfigurations of various servers: Amazon buckets, ElasticSearch, and MongoDB.

Subscribe
Notify of
guest
2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Casey Kraus
Casey Kraus , President of Cloud Security Management Provider
InfoSec Expert
July 7, 2020 9:54 am

Companies that store their data in cloud environments need to have misconfigurations to be the focus of the security conversation. There is always a shared responsibility for security between the cloud provider and the company. Failure to ensure that your environment is secure will continue to put your company and your client\’s information as risk. It is said that 99% of data breaches in cloud environments happen due to customer misconfiguration, mismanagement, or mistakes.

Last edited 2 years ago by Casey Kraus
Colin Bastable
Colin Bastable , CEO
InfoSec Expert
July 7, 2020 9:38 am

ElasticSearch databases are probably the primary sources of data leaks, because of misconfigurations when set up. For example, the front end UI is often secured with authentication, but admins forget that the default port 9200 is also visible and accessible online, meaning that unprotected ElasticSearch databases can leak data via the backdoor. Having built the database, the developers probably forgot all about patching it, focusing on the front end’s ease-of-use to drive user engagement and subscriber growth. Or perhaps the original architect is no longer employed. Regardless – they dropped the ball.

Last edited 2 years ago by Colin Bastable
2
0
Would love your thoughts, please comment.x
()
x