A security researcher came across a non-password-protected database that was found to contain 1.5 million records. The documents included such valuable data as invoicing and payment records, references to reports and other potentially sensitive data. Most of the documents indicated or made references to a company called Inside Sales Solutions. The unsecured file was simply called ‘Shared’ and it was, until action was taken, open to any person who knew where to look.
Also of concern is the practice of unsecured file-sharing, which typically involves using peer-to-peer technology designed to enable files to be shared between users over an internet connection. This process generally includes the creation, editing, and storage of both documents and spreadsheets.
In response to Inside Sales Solutions’ exposed database, security expert Robert Prigge, CEO of Jumio, explains to Digital Journal why part of the problem is general security and the other part relates to weak passwords.
According to Prigge, too many databases are simply too easy to crack: “The unsecured database containing 1.5 million Inside Sales Solutions’ customer and partner records puts affected individuals at risk of being victimized for fraud. Exposing names, email addresses, passwords, addresses and phone numbers allows fraudsters to access any user account that was created with this information.”
The process is also easier for criminals these days due to automation: “Criminals can leverage bots and credential stuffing to try these login credentials across countless websites (including banking portals, social media accounts, healthcare sites and more) in search of an opening.”
Overall, Prigge says, the main preventative consideration is whether the password itself has reached the end of its usefulness and whether alternative forms of security verification should be considered instead.
Prigge recommends: “While exposing personal data due to a lack of password protection is a serious security lapse, passwords in general can no longer be trusted to keep data safe in today’s fraud environment since anyone with the account password can log in and pose as the user. Biometric authentication — using a person’s unique human traits to verify identity — is a more secure solution, ensuring data can only be accessed by authorized users and keeping data secure and out of fraudsters’ hands.”