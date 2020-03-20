Special By By Tim Sandle 54 mins ago in Technology A database containing a collection of data breaches has itself been exposed due to security flaws relating to a cloud-based system. Expert Anurag Kahol, CTO, Bitglass, provides analysis for Digital Journal. The exposed data included: Hashtype Leak date year Password Email Email domain For analysis about the data breach, Digital Journal spoke with The first thing Kahol notes is the size of the incident: “This data leak may be one of the biggest to date--5 billion records were exposed. The compromised information included email addresses, passwords, and even the source of the leak." Kahol next looks at the significance of the incident: "This kind of information makes the impacted individuals vulnerable to malicious tactics, such as phishing scams and identify theft." At the heart are cloud computing vulnerabilities, as Kahol spots: "This incident is consistent with a In terms of how the data breach happened and how likely the data was to be exposed, Kahol states: "Although this misconfiguration was discovered by security researchers, hackers use tools designed to detect abusable misconfigurations within IT assets like ElasticSearch databases. In other words, this vulnerability could have easily been exploited by bad actors seeking to appropriate data." With preventative actions, Kahol recommeds: "To ensure data is always safe, companies should look for comprehensive cloud security platforms that enforce real-time access control, detect misconfigurations through cloud security posture management, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent the leakage of sensitive information.” Security researcher Bob Diachenko has discovered a publicly available Elasticsearch instance that housed over 5 billionrecords, which appeared to belong to UK-based security company Keepnet Labs . The irony of the discovery is that it was a ‘data breach database’, itself a massive collection of previously reported and possibly not reported security incidents spanning from 2012 to 2019.For analysis about the data breach, Digital Journal spoke with Anurag Kahol , CTO, Bitglass The first thing Kahol notes is the size of the incident: “This data leak may be one of the biggest to date--5 billion records were exposed. The compromised information included email addresses, passwords, and even the source of the leak."Kahol next looks at the significance of the incident: "This kind of information makes the impacted individuals vulnerable to malicious tactics, such as phishing scams and identify theft."At the heart are cloud computing vulnerabilities, as Kahol spots: "This incident is consistent with a recent Gartner prediction which claimed that 99 percent of cloud security failures through 2025 will be caused by missteps on the user side rather than by cloud service providers. As such, the onus is on the organizations using cloud services to take the necessary measures to secure their own data."In terms of how the data breach happened and how likely the data was to be exposed, Kahol states: "Although this misconfiguration was discovered by security researchers, hackers use tools designed to detect abusable misconfigurations within IT assets like ElasticSearch databases. In other words, this vulnerability could have easily been exploited by bad actors seeking to appropriate data."With preventative actions, Kahol recommeds: "To ensure data is always safe, companies should look for comprehensive cloud security platforms that enforce real-time access control, detect misconfigurations through cloud security posture management, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent the leakage of sensitive information.” More about Data breach, Cybersecurity, Cyberattack, Data loss More news from Data breach Cybersecurity Cyberattack Data loss