Poorly configured cloud resources and plentiful credential leaks are vaulting 2019 toward the record books when it comes to the volume of publicly reported breach incidents. A new report out this week by Risk Based Security on data compromise incidents during Q1 2019 shows that these events are happening more frequently than ever before.
The study found that companies disclosed 1,903 data compromise incidents, exposing more than 1.9 billion records in the process, during the first three months of the year. Compared to Q1 of 2018, the volume of reported breach incidents was up by more than 56% and the number of exposed records was up by nearly 30%. This is the worst first quarter ever, when counting by number of incidents.
While last quarter’s number of records exposed is up quite a bit compared to last year’s first quarter, it’s down significantly compared to 2017. Nevertheless, the report points out that for three years in a row now we’ve seen more than 1 billion records exposed during the first quarter. That’s astonishing, considering that from 2009 to 2016, the typical tally came out to be between 100 million and 200 million. Compared to 2015, the number of records exposed during Q1 2019 was up by more than 10x. The report speculates that this shift into overdrive has been spurred by “leaky databases and malicious actors going public with sizable data sets for sale.”
Security researchers’ work on dark web activity this year corroborates that. Consider, for instance, the massive collections of stolen credentials found by researchers this year on the dark web, containing billions of stolen records. The first repository, called Collection #1 by researchers, was at the time the largest collection of stolen credentials ever found, totaling 770 million records. That high-water mark was surpassed just a few weeks later when researchers found four more connected repositories of data. Collections #2 through #5 added 2 billion more stolen credentials to that tally.
“The number of data leaks–both in the form of open, unsecured services and credentials leaks–reached new levels this quarter,” commented Inga Goddijn, executive vice president and head of Cyber Risk Analytics for Risk Based Security. “Researchers are increasingly going public when they discover sizable, unprotected databases containing sensitive information and unfortunately, they aren’t terribly difficult to find when you know where to look.”
In fact, the report shows that almost 68% of records compromised in the first quarter of 2019 were due to exposure of sensitive data on the internet. Many of these are the kinds of embarrassing leaks that occur when organizations fail to password-protect or properly configure cloud resources. For example, just last month 540 million Facebook records were exposed by publicly accessible Amazon S3 buckets run by two different third-party Facebook apps. It is this kind of poor security posture that is similarly opening up thousands of GitHub users to ransomware attacks at the moment.