Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity

    Verizon Won’t Be the Last to Leave Data Exposed in the Cloud

    By
    Sean Michael Kerner
    -
    July 13, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Data breaches

      Leaving data in a publicly accessible location, where it can be found by anyone looking, is not exactly the textbook definition of a sophisticated data breach. Yet time and again, security researchers report on alleged “breaches” of data by organizations and their partners that has been left in the cloud in an openly accessible manner.

      The latest such breach victim is telecom giant Verizon, which inadvertently exposed information about 6 million customers that was publicly posted on a cloud server by its partner NICE Systems. The Verizon data leak was discovered by researchers working with UpGuard’s CyberRisk Team and was publicly disclosed on July 12.

      According to UpGuard, it first disclosed to Verizon that the cloud data was exposed on June 13, with Verizon finally securing the data on June 22.

      “The data repository, an Amazon Web Services S3 bucket administered by a NICE Systems engineer based at their Ra’anana, Israel headquarters, appears to have been created to log customer call data for unknown purposes,” UpGuard wrote in its disclosure. “Verizon, the nation’s largest wireless carrier, uses NICE Systems technology in its back-office and call center operations.”

      UpGuard security researcher Chris Vickery is credited with the initial discovery of the data, which was found on an Amazon Web Services (AWS) cloud S3 storage instance. According to UpGuard, the S3 data repository enabled public access and the database was fully accessible simply by entering the correct S3 web address.

      Verizon reportedly told CNN that no loss or theft of customer information occurred as a result of the database being publicly accessible on S3.

      Verizon is not the first firm to leave data exposed on a cloud server. In June, Vickery reported that voter information from the Republican National Committee was left publicly exposed by its partner Deep Root Analytics. Earlier this month, it was revealed that wrestling entertainment firm WWE left information on millions of its fans open and exposed on a public AWS S3 instance as well.

      Simply put, if data is left on the internet, be it on a standard hosted server or in the cloud at AWS or otherwise, it can and will be found.  

      A decade ago, security researchers used a common attack approach known as “Google Hacking,” in which simply entering specific search queries would yield results that led to unsecured data that the search engine had indexed. In the cloud era, a new generation of security researchers has used different tools, including the popular Shodan search engine, to find information that has not been secured or configured properly.

      Properly securing data in the cloud isn’t all that different from securing data anywhere else. It starts with limiting access in some manner only to those services or authorized persons that need access. Using the cloud to store data isn’t different from storing data anywhere else, and those that use S3 and other such services would be wise to remember that fact. There is no obscurity in the cloud, or the modern internet; if data is not secured with access control, encryption or authentication challenges, data will be found one way or another.

      Leaving a database open without any access control or authentication checks is not a data breach or a leak; it’s just plain and simple negligence.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×