Rallyhood Exposed A Decade Of Users’ Private Data – Expert’s Comment

By ISBuzz Team
Writer, Information Security Buzz | Feb 25, 2020 09:54 pm PST

TechCrunch has reported that Rallyhood, the social network designed to help groups communicate and coordinate, left one of its cloud storage buckets containing user data open and exposed. The bucket, hosted on Amazon Web Services (AWS), was not protected with a password, allowing anyone who knew the easily-guessable web address access to a decade’s worth of user files.

Tim Erlin, VP of Product Management and Strategy
February 26, 2020 5:56 am

Leaving an AWS S3 storage bucket open to the public is essentially the same as leaving a database open on the Internet. Organizations should put in place basic protections for databases of sensitive data, and they need to do the same with data stored on AWS. Criminals have now had years to develop tools to find these open repositories of monetisable data, so the likelihood of real damage exists now more than ever. Start by understanding where your data is, then by making sure those systems are configured to protect it. Monitor those configurations for change to ensure the data isn’t exposed in the future.
