It was reported over the weekend that breaches occurred in five dating apps, leaking PI on more than 1 million users, attributed to misconfigurations of various servers: Amazon buckets, ElasticSearch, and MongoDB.
It was reported over the weekend that breaches occurred in five dating apps, leaking PI on more than 1 million users, attributed to misconfigurations of various servers: Amazon buckets, ElasticSearch, and MongoDB.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Companies that store their data in cloud environments need to have misconfigurations to be the focus of the security conversation. There is always a shared responsibility for security between the cloud provider and the company. Failure to ensure that your environment is secure will continue to put your company and your client\’s information as risk. It is said that 99% of data breaches in cloud environments happen due to customer misconfiguration, mismanagement, or mistakes.
ElasticSearch databases are probably the primary sources of data leaks, because of misconfigurations when set up. For example, the front end UI is often secured with authentication, but admins forget that the default port 9200 is also visible and accessible online, meaning that unprotected ElasticSearch databases can leak data via the backdoor. Having built the database, the developers probably forgot all about patching it, focusing on the front end’s ease-of-use to drive user engagement and subscriber growth. Or perhaps the original architect is no longer employed. Regardless – they dropped the ball.