‘Secure’ Backup Company Leaks 135 Million Records Online After Misconfiguration – Experts Insight

By   ISBuzz Team
Writer , Information Security Buzz | Apr 02, 2020 10:58 am PST

A company claiming to provide “the world’s most secure online backup” leaked metadata and customer information in over 135 million records after misconfiguring an online database, Infosecurity has learned.

The trove included PII such as names, emails, phone numbers, business details (for corporate customers) and account usernames.

The team at vpnMentor discovered the privacy snafu as part of its ongoing web mapping project that has already uncovered major cloud data leaks at brands including Decathlon, PhotoSquared and Yves Rocher.

“The exposed database contained over 135 million records, totalling almost 70GB of metadata related to user accounts on SOS Online Backup. This included structural, reference, descriptive, and administrative metadata covering many aspects of SOS Online Backup’s cloud services,” vpnMentor explained.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Tim Erlin
Tim Erlin , VP of Product Management and Strategy
April 2, 2020 6:59 pm

A misconfiguration can be like doing the attacker’s work for them. No one has to break in, if the front door is left open.

Organizations are often very aware of security vulnerabilities, but continuously scanning for misconfigurations is just as important. Environments change, and change can result in data being mistakenly exposed. If you’re scanning for vulnerabilities, but not addressing the changes in your environment, you’re only doing half the job.

Last edited 3 years ago by Tim Erlin

Recent Posts

Would love your thoughts, please comment.x