Reverb was using an Elasticsearch server, and the issue was detected by security researcher Bob Diachenko. The data contained on the server consisted of 5.6 million records, including customer names, emails, addresses, listing/order information, and phone numbers. Each of these represented an item of personal information. Following the incident, the database was secured. However, it remains unknown exactly how long the database was exposed, according to Bleeping Computer magazine.
Looking into the incident is Anurag Kahol, who is the CTO and co-founder of Bitglass.
Kahol outlines to Digital Journal what the database exposure meant, in terms of its impact: “In this breach of more than 5.6 million records, individuals’ names, email addresses, phone numbers, and addresses were among the compromised information.”
This carries consequences: while the amount of time the database was exposed is currently unknown, there was plenty of opportunity for “a malicious actor to have easily obtained access and leveraged the data for highly targeted phishing attacks.”
The data in the hands of the hacker is problematic, as Kahol explains: “Unfortunately, with this data in the wrong hands, victims’ physical safety could also be at risk. This further validates the need for complete visibility and control over all data across the IT ecosystem–including that which is stored in the cloud.”
There are different strategies that companies should be enacting in order to boost protection. Kahol summarizes these as: “To mitigate the risk of unauthorized access to sensitive data, organizations must adopt robust, flexible, and proactive cybersecurity platforms.”
Examples supplied by Kahol include data loss prevention (DLP), multi-factor authentication (MFA), and user and entity behavior analytics (UEBA). In addition to these, there are cloud security and posture management (CSPM) capabilities.
Kahol explains that “these technologies can give organizations visibility and control over customer information and guarantee it is truly secure.”