Pocket iNet, an ISP, left a bonanza of sensitive information exposed, including passwords and confidential corporate data, thanks to a misconfigured Amazon S3 storage bucket.
Setting context for the gravity of the situation, Motherboard explains, “ISPs are particularly juicy targets for bad actors given their insight into every shred of data that touches their networks, and have been designated as part of the US Critical Infrastructure by the Department of Homeland Security.”
The total cache of leaked data amounted to 73 gigabytes. Details and visuals relating to the internal network and network hardware configuration, compilations of plain text passwords, and even secret keys were all there for the taking. For more than a month.
Pocket iNet is not alone in the category of data leaks. It seems to be a persistent and pervasive problem. At the end of August, two spyware companies left terabytes of sensitive data exposed online. Just a few weeks later, a disaster recovery firm left 440 million records unprotected.
While businesses are investing heavily in cybersecurity, as Motherboard suggests, the one thing they continue to drop the ball on is the internal issue of configuring servers properly.
Get the full story at Motherboard.