Digital Shadows, a company specializing in analyzing digital risk management and investigating information threats. The company today released a survey outlining the huge scale of business and consumer sensitive data leaks.
“The volume of data should be a major cause of concern for any organization with a consciencebetter safetyand privacy protection. In addition, with the rapid implementation of GDPR, there will be clear regulatory implications for any organization that stores data of EU citizens.”
During the first three months of 2018, Digital Shadows researchers detected over 1,5 billion (1,550,447,111) files available on open service dupms: Amazon Simple Storage Service (S3), rsync, SMB servers, FTP servers, misconfigured websites and Network Attached Storage (NAS) drives.
This number corresponds to over twelve petabytes (12.000 terabytes) of data. For those who didn't understand 12 peta of data is freely circulating on the internet. To give you an idea of the magnitude, the number is over four thousand times larger than the leakage 'Panama Papers' which reached 2,6 terabytes.
The most common data found to circulate were payroll records and tax returns (700.000 and 60.000 files respectively).
However, consumers are also at risk from the 14.687 exposure of information leakage from patients. In one case, the data included point of sale information, in which there were recorded transactions, and some credit card information.
Interestingly, though, although we would all expect most leaks to come from Amazon S3's incorrect settings, in the Digital Shadows study, service leaks account for only the 7% of the exposed data found.
On the contrary, services such as SMB (33 percent), rsync (28 percent) and FTP (26 percent) contributed to the largest information report. These technologies may be old, but they are still widely used.
The leaks also revealed very sensitive data, such as a patent summary for renewable energy that was described as "strictly confidential". Another example is a document containing a proprietary source that was submitted for copyright.
Rick Holland, head of the Digital Shadows Information Security, says:
"While we often try to respond to intruders who enter our environment and steal our data, we do not focus on our external digital fingerprints and data that is already available to the public through unsafe services."
Read the entire Digital Shadows survey, from here.
- Facebook: Beyond advertising you are the product
- DNS: how to find the fastest DNS resolvers for your system
