In his write-up, Diachenko notes how he discovered the exposed database on July 13, 2020 and proceeded to disclose the issue to the company. He adds that he did not receive a response from Adit. As a result, the data was destroyed and potentially stolen over a week later by a malicious bot.
The issue highlights not only the extent of data vulnerability online but also the importance of businesses taking issues seriously and responding, both to protect users' data and to maintain public confidence in the company.
Commenting on this case for Digital Journal is Anurag Kahol, CTO and co-founder of Bitglass.
Kahol begins by assessing the extent of cybersecurity spending around the world, noting: “Gartner forecasts global information security spending to reach $123 billion this year, yet organizations continue to be plagued by easily preventable security failures–such as leaving a database with millions of patients’ personal data exposed without a password.”
In relation to the specific incident, Kahol says: “This incident highlights how most organizations lack full visibility and control over their data, which are two critical components needed for a mature security program and to proactively prevent leaks and breaches.”
As a lesson for all companies, Kahol recommends: “Obtaining full visibility and control over corporate data starts with a multi-faceted approach to security. Specifically, solutions that enforce real-time access control, encrypt sensitive data at rest, and manage the sharing of data with external parties, can help proactively prevent data leakage.”