One of the cybersecurity concerns that tends to be overlooked is when a company ceases to trade and yet leaves data circulating in a cloud system. This is the case with ‘Reindeer’, which was a New York-based digital media advertising and marketing company.
Reindeer went out of business yet it left an Amazon S3 bucket exposed to public access resulting in the irreversible leak of 50,000 files. These digital files amounted to a total of 32 GB of size. The exposure affected around 306,000 people, who were customers of various Reindeer clients.
In terms of highlighting the risks from such legacy issues, the leaked data dates back to May 2007 and extended to February 2012.
Those impacted by the availability of the data included the ‘Patrón Tequila’ alcoholic beverage brand and the ‘Jack Wills’ UK clothing brand. The exposed details included full names, email addresses, physical addresses, phone numbers, and hashed passwords.
The situation has led some analysts to raises serious questions about the shared responsibility model for data storage, especially around configuration issues and with addressing access flaws.
Such a situation is evidently serious, according to Pravin Rasiah, VP of Product, CloudSphere. Rasiah explains to Digital Journal why action is needed to clean-up the digital data legacy issues of former companies.
Rasiah explains: “Improperly secured AWS S3 buckets are notorious for being one of the leading causes of data breaches due to misconfiguration.”
Why might this be so? Rasiah says: “This is because inexperienced users can accidentally select the “all users” access option, unwittingly making the bucket publicly accessible.”
This tends to be the case, according to Rasiah: “Unfortunately, the chances of this are all too high, leaving many unsuspecting companies leveraging S3 buckets prime targets for hackers looking to exploit sensitive data.”
There are measures that can be put in place. Rasiah recommends: “To combat this risk, businesses must be acutely aware of any abnormalities within the cloud environment.”
Once these weakness are understood, firms can begin: “Leveraging a cloud governance platform with holistic, real-time visibility into the cloud landscape can enable businesses to remediate issues before hackers can target them, ensuring customer data stays secure.”
