POST Online Media Lite Edition


No privacy: 1.5 billion sensitive documents on open internet

Staff Writer

Digital Shadows outlined the sheer scale of sensitive business and consumer files exposed online, putting organizations and their customers at risk.

Over the first three months of 2018, Digital Shadows detected over one and a half billion (1,550,447,111) publicly available files across open Amazon Simple Storage Service (S3) buckets, rsync, Server Message Block (SMB), File Transfer Protocol (FTP) servers, misconfigured websites, and Network Attached Storage (NAS) drives.

This number amounts to over twelve petabytes (12,000 terabytes) of exposed data. For context, this is over four thousand times larger than the Panama Papers leak, which was 2.6 terabytes.

The most common data exposed was payroll and tax return files, which accounted for 700,000 and 60,000 files respectively.

However, consumers are also at risk from the exposure of 14,687 incidents of leaked contact information and 4,548 patient lists.

In one instance, a large amount of point of sale terminal data, which included transactions, times, places, and even some credit card data, was publicly available.

Interestingly, while issues surrounding misconfigured Amazon S3 buckets have attracted many headlines in recent months due to exposed data incidents, in this study they account for only 7% of the exposed data Digital Shadows discovered.

Instead, it is older, yet still widely used, technologies such as SMB (33 percent), rsync (28 percent) and FTP (26 percent) that have contributed the most exposure.

Of all the data an organization seeks to control, intellectual property (IP) is among the most precious.

Digital Shadows detected many occurrences of this confidential information. For example, a patent summary for renewable energy in a document marked as “strictly confidential” was discovered.

Another example includes a document containing proprietary source code that was submitted as part of a copyright application.

This file included the code that outlined the design and workflow of a site providing software Electronic Medical Records (EMR), as well as details about the copyright application.

Third parties and contractors were identified as one of the most common sources of sensitive data exposure.

A shocking number of security assessments and penetration tests were discovered.

In addition, Digital Shadows identified consumer backup devices that were misconfigured to be Internet-facing, inadvertently making private information public.
