Connect with us

Hi, what are you looking for?

Tech & Science

EventBuilder misconfiguration exposes 100,000 records

Many organizations have fallen victim to breaches because they do not have sufficient visibility into their IT environments.

Laptop in a meeting room.
Image by Tim Sandle of a computer being used at work.
Image by Tim Sandle of a computer being used at work.

A recent EventBuilder misconfiguration exposed personal details of over 100,000 event registrants. It is feared that CSV/JSON files containing the personal information of individuals who registered for events via Microsoft Teams have been made available to rogue actors and that personal identifiable information could be exposed.

There are concerns that similar breaches could happen in the future, particularly as businesses are connecting web applications to cloud storage.

Delving into the matter for Digital Journal is Pravin Rasiah, VP of Product, CloudSphere.

According to Rasiah these types of incidents are relatively common and this infers an inherent weakness.

As Rasiah  explains: “Misconfigurations like these happen much more frequently than one would expect, leaving customer information vulnerable to cybercriminals who can exploit the exposed data for a multitude of malicious purposes.”

To highlight the commonality, Rasiah states: “Many organizations have fallen victim to breaches because they do not have sufficient visibility into their IT environments and can’t properly discover and map data.”

This suggests a knowledge and resource shortfall, Rasiah argues. He says: “Even though it is a critical aspect of security as well as optimization, many organizations don’t have a clear view of their infrastructure, applications and how those workloads are connected.”

Looping back to the specific incident, Rasiah notes: “In this case, ethical researchers identified the exposed server before the data was compromised, but unfortunately, many times bad actors find the data first.”

Lessons need to be distilled down from the incident, as Rasiah recommends: “Companies entrusted with personal user information must leverage tools that provide holistic, real-time observability into the cloud landscape to remediate misconfigurations before it’s too late.”

He adds that such measures will pay dividends: “With proactive security and governance policies in place, businesses can operate confidently knowing that sensitive user data is secure.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

World

The Supreme Court is attempting to undermine the federal regulatory state established by Congress.

World

Worshippers from across the world have packed the streets of Mecca as Islam's holiest city prepares to host the biggest hajj pilgrimage.

World

Rescuers warned Monday that hope of finding survivors was diminishing after an avalanche set off by the collapse of an Italian glacier.

World

The city is still living in slow motion, even though Russian troops withdrew from the outer northern and northeast suburbs three months ago.