The compromised database consisted of 140 gigabytes of data, which included contact details consisting of names, phone numbers, and postal addresses. It appears that 70 percent of the emails in Straffic’s database were already on data breach notification site Have I Been Pwned, meaning that many of the emails did not come from previous breaches.
The issue came to light after a San Diego-based DevOps engineer detected the disclosure, according to TripWire. The main concern stemming from the data breach is that if this data is accessed by hackers, the sensitive information contained within the database could be used to launch targeted phishing attacks.
Looking into the issue, Anurag Kahol, CTO of Bitglass, tells Digital Journal: “While Straffic is fortunate that a security researcher identified the company’s misconfigured web server, anyone could have scraped the unprotected credentials and accessed Straffic’s AWS Elasticsearch database.”
Kahol notes that: “If the 140GB of contact details fell into the wrong hands, impacted victims would have been vulnerable to sophisticated malicious attacks.”
In terms of what can be done, Kahol says that “to protect data from unauthorized access, organizations need to deploy step-up, multi-factor authentication (MFA); that way, any suspicious attempt to log in to a public cloud database will automatically trigger a request for additional identity verification.”
The absence of MFA for cloud resources is a common yet preventable cause of data breaches. As an example, Microsoft reports that an account is 99.9 percent less likely to be compromised when MFA is used.
As a further recommendation, Kahol suggests: “Additionally, organizations should look for security solutions that provide agentless real-time protection, offer encryption for data at rest, and enforce restrictions on what can be accessed from new, personal, or mobile devices—limiting the scope of damage or even preventing it entirely.”