In an unusual occurrence, a pair of security researchers stumbled upon an unexpected, and unnerving security vulnerability; a publicly accessible, unsecured database floating in the cloud.
In an easily readable format, the database presented the full names, complete addresses, marital statuses, dates of birth, income brackets, and home ownership statuses for 80 million, or 65% of, American households. The number of individuals affected is likely in the hundreds of millions, according to Forbes.
The database did not contain social security numbers or egregiously compromising financial information, a slight relief. Nonetheless, the level of detail instantly available to anyone made the database a “goldmine” for identity thieves, ransomware artists and phishing scammers.
Initially, the security researchers could not determine who owned the database, and asked the security crowd on internet to weigh in. Since the expose of the incident, an account owner has been identified and contacted, and the data has been expunged from the internet.
Former Deputy Technology Editor of the New York Times, Quentin Hardy, is quoted as saying that the cloud is “probably more secure than conventionally stored data.” From encryption to firewalls, elementary security protocols inherently make the data more secure than anything lying around on a desktop.
In general, the demand for cyber experts, including CISOs, far outstrips the supply, which may or may not have contributed to this goof. A recent report projects that the 2019 global demand for cyber security professionals will be in the 6.5 million range, but that roughly 1.5 million of those jobs will go unfilled. Consequently, our cyber storage may not be as well protected as ideal, and we may be in for a storm of breaches. Bring your umbrella.
In other breaking breach news, a breach occurred in Panama this week, exposing a whopping 85% of the population’s personal information.