Digital Shadows, a company specializing in digital risk management analysis and information threat investigation, today released research that outlines the sheer scale of leaks of sensitive business and consumer data.
"The volume of data should be a major concern for any organization that has a security and privacy awareness. In addition, with the rapid implementation of the GDPR, there will be clear regulatory implications for any organization that stores EU citizen data."
During the first three months of 2018, Digital Shadows researchers detected more than 1.5 billion (1,550,447,111) files publicly available on open services: Amazon Simple Storage Service (S3), rsync, SMB servers, FTP servers, wrongly configured websites and Network Attached Storage (NAS) drives.
This number corresponds to over twelve petabytes (12,000 terabytes) of data. In other words, 12 petabytes of data are freely accessible on the internet. To give you an idea of the magnitude, that is more than four thousand times larger than the Panama Papers leak, which reached 2.6 terabytes.
The most common data found in circulation were payroll records and tax returns (700,000 and 60,000 files respectively).
However, consumers are also at risk from the 14,687 exposures of leaked patient information. In one case, the data included point-of-sale information, with recorded transactions and some credit card information.
Interestingly, although we would all expect most leaks to come from incorrectly configured Amazon S3 storage, in the Digital Shadows study that service accounts for only 7% of the exposed data found.
By contrast, SMB (33 percent), rsync (28 percent) and FTP (26 percent) accounted for the largest shares of the exposed information. These technologies may be old, but they are still widely used.
The researchers also found highly sensitive data among the leaks, such as a patent abstract for renewable action that was marked "strictly confidential". Another example involves a document containing proprietary source code submitted for copyright.
Rick Holland, head of Information Security at Digital Shadows, says:
"While we often try to respond to intruders entering our environment and stealing our data, we don't focus on our external digital footprints and data that is already publicly available through services that are not secure."
Read the entire Digital Shadows survey here.