Security Expert Re: 13 Million Records Leaked By Fox News

A configuration error exposed millions of internal records at Fox News.

Willy Leichter
InfoSec Expert
April 8, 2022 10:34 am

Unfortunately, we’ve seen this movie play out many times before. Developers are notorious for thinking that security rules don’t apply to them, or that their processes are somehow isolated from hacking. Using real or realistic data at scale is an important test for most systems before they go live. But this is where we see developers get careless, or simply disregard security best practices. The almost 13 million records exposed could have fit on a single USB stick, and the data was likely shared by multiple developers – who probably felt password protection was a hassle.

We also don’t know whether the data was actually stolen but should assume it was. Research has shown that a new, unprotected server spun up on AWS will be scanned by hackers in less than 10 minutes. If a researcher found this database unprotected, we should assume that the army of hackers has already found and exploited it.
 
While this kind of negligence is common, and probably accidental, it’s also inexcusable, and usually indicates poor security controls in the organization responsible for the data. But until we have serious penalties for this type of accidental breach, we’ll see this again, and again…

Last edited 7 months ago by Willy Leichter