You would have thought that after the Facebook/Cambridge Analytica incident that made global news last month, organizations would be doing their upmost to protect sensitive data. Well, here comes a new AWS leak.
Localblox, a data harvesting company that collates data from public web profiles, has been found to have exposed critical information on over 48 million social media users by storing the data on an unprotected and publicly accessible Amazon Web Servers (AWS) S3 bucket.
Security researchers discovered that the bucket contained a 151.3 GB compressed file, which, when decompressed, formed a 1.2 TB file. The information is said to have been made up of scraped public profiles from social media sites like Facebook, LinkedIn, Twitter and even real estate site Zillow – all without the user’s consent.
With no security in place, an unsuspecting user could gain access to sensitive data such as names, job information and history, addresses, twitter handles, email addresses and date of births.
When adopting cloud services and for the importance of data privacy, organizations must review the security measures as it will be the organization, not the cloud service provider, that will be held responsible for the data. Thankfully, Localbox secured the AWS server the same day they were notified by the security researchers, but unprotected cloud servers are becoming all too frequent for comfort. This has led to many still not trusting the cloud with critical information and, as a result, may lead to a halt in cloud migration.
With the introduction of the European General Data Protection Regulation (GDPR), data protection will become mandatory for any organization storing or holding data of European citizens, whether that be in-house or in the cloud. It will also reduce the risk posed by third-party vendors who may have access to such information. Although the fines maybe severe, plenty of time has been given with full warning of the consequences for any organization found not adhering to the rules. Yes, there are risks associated to cloud adoption, but there are data protection solutions like the eperi Gateway available to address these.
Article Source: bleepingcomputer.com
Recommended for You