Digital Shadows, a company specializing in analyzing digital risk management and investigating information threats. The company today released a survey outlining the huge scale of business and consumer sensitive data leaks.
"The volume of data should be a major concern for any organization that has a security and privacy awareness. In addition, with the rapid implementation of the GDPR, there will be clear regulatory implications for any organization that stores EU citizen data. "
During the first three months of 2018, the researchers of Digital Shadows detected over 1,5 billion (1,550,447,111) files available on open service dupms: Amazon Simple Storage Service (S3), rsync, διακομιστές SMB, FTP servers, λάθος διαμορφωμένους ιστότοπους και μονάδες δίσκου NAS (Network Attached Storage).
This number corresponds to over twelve petabytes (12.000 terabytes) of data. For those who didn't understand 12 peta of data is freely circulating on the internet. To give you an idea of the magnitude, the number is over four thousand times the leak'Panama Papers' which reached 2,6 terabytes.
The most common data found to circulate were payroll records and tax returns (700.000 and 60.000 files respectively).
However, consumers are also at risk from the 14.687 exposure of information leakage from patients. In one case, the data included point of sale information, in which there were recorded transactions, and some credit card information.
But interestingly, while we'd all expect most leaks to come from Amazon S3 misconfigurations, in Digital Shadows' study leaks from service they represent only 7% of the exposed data discovered.
On the contrary, services such as SMB (33 percent), rsync (28 percent) and FTP (26 percent) contributed to the largest information report. These technologies may be old, but they are still widely used.
The leaks also revealed very sensitive data, such as a patent summary for renewable energy that was described as "strictly confidential". Another example is a document containing a proprietary source that was submitted for copyright.
Rick Holland, head of the Digital Shadows Information Security, says:
"While we often try to respond to intruders who enter our environment and steal our data, we do not focus on our external digital fingerprints and data that is already available to the public through unsafe services."
Read the entire Digital Shadows survey, from here.
- Facebook: Beyond advertising you are the product
- DNS: how to find the fastest DNS resolvers for your system