Connect with us

Hi, what are you looking for?

Tech & Science

Online music marketplace Reverb suffers data loss (Includes interview)

A vintage 1974 Martin D28 Acoustic Guitar - Alex Allen
A vintage 1974 Martin D28 Acoustic Guitar - Alex Allen

Reverb were using an Elasticsearch server, and the issue was detected by security researcher Bob Diachenko. The data contained on the server consisted of 5.6 million records, including customer names, emails, addresses, listing/order information, and phone numbers. Each of these represented an item of personal information. Following the incident, the database was secured. However, it remains unknown for exactly how long the database was exposed for, according to Bleeping Computer magazine.

Looking into the incident is Anurag Kahol, who is the CTO and co-founder of Bitglass.

Kahol outlines to Digital Journal what the database exposure meant, in terms of its impact: “In this breach of more than 5.6 million records, individuals’ names, email addresses, phone numbers, and addresses were among the compromised information.”

This carries consequences, for while the amount of time the database was exposed is currently unknown, there was plenty of opportunity for “a malicious actor to have easily obtained access and leveraged the data for highly targeted phishing attacks.”

The data in the hands of the hacker is problematic, as Kahol explains: “Unfortunately, with this data in the wrong hands, victims’ physical safety could also be at risk. This further validates the need for complete visibility and control over all data across the IT ecosystem–including that which is stored in the cloud.”

There are different strategies that companies should be enacting in order to boost protection. Kahol summarizes these as: “To mitigate the risk of unauthorized access to sensitive data, organizations must adopt robust, flexible, and proactive cybersecurity platforms.”

Examples supplied by Kahol include: Data loss prevention (DLP), multi-factor authentication (MFA), user and entity behavior analytics (UEBA). To add to these, there is cloud security and posture management (CSPM) capabilities.

Kahol explains that “these technologies can give organizations visibility and control over customer information and guarantee it is truly secure.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

The unanswered questions about the future of work have now achieved a level of stagnation normally seen in mausoleums.

World

The Tuol Sleng Genocide Museum in Phnom Penh has been added to UNESCO's World Heritage List - Copyright AFP -Suy SEThree notorious Cambodian torture...

Social Media

French police are investigating claims that social media network X, formerly Twitter, skewed its algorithm to allow "foreign interference."

World

Annual growth in oil demand fell from 1.1 million barrels per day (mbd) in the first quarter of the year to just 0.5 mbd...