Cybersecurity team Safety Detectives discovered an open Elasticsearch server, hosted by Google Cloud connected to MyCastingFile. The database was not secured via any form of authentication and in total, close to 10 million records were exposed. Upon investigation, the team found that over 260,000 users of the website had their profiles leaked, including aspiring actors and potentially members of staff.
In total, around 10 million records were leaked from the New Orleans-based company. This adds up to around 1GB in size, according to ZDNet.
Looing into the matter, Chris DeRamus, VP of Technology, Cloud Security Practice, DivvyCloud by Rapid7, provides expert commentary: “Unfortunately, security practices for businesses to date have been mainly reactive, as teams scramble to remediate cloud infrastructure misconfigurations only after data has been exposed. In this particular incident, MyCastingFile.com was quick to secure the server, but it was not until after the leak had occurred and sensitive customer and employee data was left vulnerable for anyone to access and potentially abuse.”
Based on the inherent vulnerabilities, DeRamus warns: “Leaving a database unsecured is one of the most common causes of data leaks and breaches. Organizations that house personally identifiable information (PII) require continuous security and compliance in the cloud, and the most effective way to do that is not after a breach, but before.”
In terms of preventative measures, DeRamus recommends: “Enterprises should take proactive steps to prevent cloud misconfigurations by “shifting left” and incorporating preventative measures into their continuous integration (CI) and continuous delivery (CD) pipelines before runtime. This method will ensure that from the start, companies are maintaining the proper security to house customers’ sensitive information and avoid damaging data leaks.”
