SECURITY
A new report from cybersecurity startup Digital Shadows Ltd. today has found a staggeringly large number of files exposed on the internet.
Undertaken by the company’s Photon Research Team, the “Too Much Information: The Sequel” study assessed the scale of inadvertent global data exposure and found 2.3 billion private files that should not have been exposed sitting in online file stores.
The exposed data included passport scans and bank statements as well as business information such as credentials to company systems.
That is an increase of 750 million files since the same study was undertaken last year. The highest number of exposed records was found in the U.S. at 326 million, followed by Germany with 121 million records and the U.K. with 98 million. The last two are notable as the exposed data would be in breach of Europe’s General Data Protection Regulation.
The study found that the most common cause of data exposure is the misconfiguration of commonly used file storage technologies, with nearly 50% of the files found to be exposed via the Server Message Block protocol. FTP came in at 20%, rsync at 16%, while surprisingly, despite near-constant media reports, misconfigured Amazon Web Services Inc. instances accounted for only 8% of exposed data.
“Our research shows that in a GDPR world, the implications of inadvertently exposed data are even more significant,” Photon Research Analyst Harrison Van Riper said. “Countries within the European Union are collectively exposing over one billion files – nearly 50% of the total we looked at globally – some 262 million more than when we looked at last year. Some of the data exposure is inexcusable – Microsoft has not supported SMBv1 since 2014, yet many companies still use it. We urge all organizations to regularly audit the configuration of their public facing services.”
Digital Shadows advised enterprises to take simple steps to make sure, and then double-check, that the data they’re hosting is secure.
The advice includes using Amazon S3 Block Public Access to limit public exposure of buckets; disabling SMBv1 and, for systems that require the protocol, updating to SMBv2 or v3; using IP whitelisting so that only authorized systems can access shares; disabling port 837 to restrict access to rsync; and, finally, using Secure FTP as opposed to standard FTP.
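One way to turn that advice into a repeatable configuration audit, as an added example that is not from the report or from Digital Shadows: it assumes the file shares are served by Samba (`smb.conf`) and rsync daemon (`rsyncd.conf`) and that the S3 Block Public Access settings have already been exported as a dictionary. All sample inputs are constructed.

```python
# Constructed sample inputs for illustration; none of these come from the report.
S3_PUBLIC_ACCESS_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                          "BlockPublicPolicy": False, "RestrictPublicBuckets": True}
SMB_CONF = """[global]
server min protocol = NT1
[finance]
hosts allow = 10.0.5.0/24
[scans]
"""
RSYNCD_CONF = """[backups]
hosts allow = 10.0.9.4
[public]
"""

def parse_conf(text):
    """Parse smb.conf / rsyncd.conf style text into {section: {key: value}}."""
    sections = {"global": {}}
    current = sections["global"]  # parameters before any header are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def unrestricted(conf):
    """Names of shares/modules with no 'hosts allow' of their own or inherited."""
    if "hosts allow" in conf["global"]:
        return []
    return [name for name, opts in conf.items()
            if name != "global" and "hosts allow" not in opts]

def audit(s3_block, smb_text, rsync_text):
    findings = [f"s3: {flag} is not enabled"
                for flag in ("BlockPublicAcls", "IgnorePublicAcls",
                             "BlockPublicPolicy", "RestrictPublicBuckets")
                if not s3_block.get(flag, False)]
    smb = parse_conf(smb_text)
    proto = smb["global"].get("server min protocol", "").upper()
    if not proto.startswith(("SMB2", "SMB3")):  # NT1 and older dialects are SMBv1
        findings.append(f"smb: server min protocol is {proto or 'unset'}")
    findings += [f"smb: share [{n}] has no hosts allow" for n in unrestricted(smb)]
    findings += [f"rsync: module [{n}] has no hosts allow"
                 for n in unrestricted(parse_conf(rsync_text))]
    return findings
```

Calling `audit(S3_PUBLIC_ACCESS_BLOCK, SMB_CONF, RSYNCD_CONF)` returns one finding per weak setting in the constructed samples; an unset `server min protocol` is reported because the effective default depends on the Samba version.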