Lion Air Data Breach! Another Misconfigured S3 Bucket According to Dark Reading, Lion Air’s breach resulted when files containing the Indonesian airlines’ passenger names, passport numbers, birth dates, home addresses, and other data — was left openly accessible in an…
Ecuador’s Population Exposed in Data Breach We’ve seen a multitude of company data breaches this year, and a lot of those as a result of an exposed Elastic Search Server, but an entire population being exposed, especially pertaining to children, is…
Ecuador’s Population Exposed in Data Breach
We’ve seen a multitude of company data breaches this year, and a lot of those as a result of an exposed Elastic Search Server, but an entire population being exposed, especially pertaining to children, is troubling.
DivvyCloud co-founder & CTO, Chris DeRamus, recently spoke with Information Security Buzz on the misconfigured Elastic Search Server that exposed the entire population of Ecuador.
The misconfiguration of an Elasticsearch server left 20.8 million user records exposed – more than the entire population of Ecuador which is about 16.6 million. We’ve seen numerous times how a misconfiguration can expose nearly every customer of a company, but this might be the first instance in which the people of an entire country were put at risk.
Misconfigurations are frightfully common, but there are simple and highly effective ways to prevent them. All organizations, everywhere in the world, should deploy automated cloud security solutions that can ensure databases are configured correctly from the beginning, so there is never a risk of misconfiguration. Even as environments change (which is quite often, especially when dealing with the cloud), these solutions provide continuous monitoring and will alert the appropriate personnel in the event of a change that could lead to a security risk, or even trigger automated remediation in real-time. This way, Elasticsearch databases and other assets never have the opportunity to be exposed, even temporarily.
Read the rest of the Information Security Buzz article here.
Watch DivvyCloud’s 60-second video to learn how we help customers like GE, 3M, Autodesk, Discovery, and Fannie Mae stay secure and compliant.
DivvyCloud minimizes security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.
*** This is a Security Bloggers Network syndicated blog from DivvyCloud authored by David Mundy. Read the original post at: https://divvycloud.com/blog/ecuadors-population-exposed-in-data-breach/