Workload and Application Security Blog

Virsec Speaks About 1.2 Billion Records Found Exposed Online on Unsecure Single Server

Written by Virsec | Dec 4, 2019 2:54:38 AM

ISBuzzNews, November 24, 2019, with comments by Willy Leichter

Last week’s news revealed that 1.2 billion records were exposed in an online data leak, all residing on one unsecured server. The Elasticsearch server was discovered on October 16 by Dark Web researcher Vinny Troia while he was searching for other leaks with colleague Bob Diachenko.

The exposed data was a departure from what is usually seen in data leaks: no passwords, credit card numbers or Social Security numbers. This time the leaked data contained content of a social nature from hundreds of millions of people’s social profiles. Such data includes cell phone and home numbers linked to social profiles on LinkedIn, Twitter, Facebook, and GitHub. Work histories from LinkedIn were included in the data, along with 50 million unique phone numbers and 622 million unique email addresses.

Willy Leichter, VP of Marketing at Virsec, Reflects on the Leak and Advises That the Time to Act Is Now

“The data exposed appears to have been handled by at least two ‘data enrichment companies.’ These organizations aren’t so different from the credit reporting agencies that collect our data. Oftentimes, we don’t know what’s in there, and there’s little recourse to correct it. Well-founded privacy concerns are the major impetus behind the California Consumer Privacy Act, GDPR & other state and national privacy laws now in the works. The goal of these is to enable users to explicitly control their data that’s ‘out there.’ There’s been no ‘opt-in’ for consumers who don’t want their data shared, and now the challenge is how to put the Genie back in the bottle.

The time to act is NOW. The reality is that the compiled and consolidated data that massive companies are now monetizing is a small fraction of what will be exposed in the years to come. As more companies use increasingly advanced AI to predict consumer behavior, there is enormous potential for both intrusions into and limitations on the average consumer’s life. Religious preferences, social activities, spending patterns, educational potential and more may become mere data points by which consumers are targeted or limited. Just as so many companies are now using consumer behavioral data to predict shopping, travel patterns and more, they could use customer data, including illegally sourced data, in ways that have the potential to be detrimental on entirely new levels.

The data Genie is growing daily. It’s urgent that authorities pass and uniformly enforce laws to give legal control to consumers over their data. It’s equally urgent that individuals today invoke greater care of their data in the absence of such laws, and that companies are far more diligent with data collected than we’ve seen in these last few years.”

For more information, see our article, 1.2 Billion Records Exposed in the Biggest Data Leak in a Decade.

Read full 1.2 Billion Records Found Exposed Online in a Single Server article.
