Your Child's Personal Information May Already be Exposed Due to Poor Cloud Safety
A cyber security research by Comparitech found that 6 percent of all Google Cloud ‘buckets’ are not configured safely. Among other vulnerable files, researchers found over 6,000 identification documents of Indian children.
- Last Updated: September 23, 2020, 18:00 IST
- FOLLOW US ON:
Cloud data storage and hosting has been an imperative part of the pandemic-imposed new normal. As more and more of us shifted to working from our homes, enterprises have steadily migrated to hosting their data on cloud servers. Of all the cloud services available across the world, Amazon Web Services and Google Cloud have been among the most popular. Now, a cyber security research study undertaken by Comparitech has revealed that a considerably large chunk of data hosted on cloud servers are not configured securely. In simpler terms, this lack of security is what may account for a large chunk of reports about cyber security breaches, every day.
Alongside this rather direct security threat, Comparitech’s researchers also found, among other files, over 6,000 documents such as passports, birth certificates and extensive personal profiles belonging to children in India. Such documents are typically stored by companies, who source these identification documents on behalf of their employees or customers. With the work from home model implemented, these companies have had to resort to cloud storage servers in order to make files remote accessible to employees working from home. In process, the key issue that researchers at Comparitech have underlined is the lack of secure server configuration.
Speaking about this issue, Paul Bischoff, security advocate at Comparitech, says, “About six percent of all Google Cloud buckets are misconfigured and/or vulnerable to attack, according to an analysis of 2,064 buckets. 131 of the buckets were vulnerable to unauthorised access by users who could list, download, and/or upload files. Those buckets can contain confidential files, databases, source code, and credentials, among other things. Attackers could exploit these vulnerabilities to steal data, compromise websites, and launch further attacks.”
The apparent nature of this flaw lies in misconfiguring cloud storage ‘buckets’, which has a specified technique that enterprises are recommended to follow. These techniques ensure that the servers are not visible in public domain, do not list the available data publicly, and impose stringent credentials to restrict access. However, a lackadaisical approach to cyber security means that these cloud folders are often misconfigured, leading to them being available for anyone looking to snoop for documents willingly. This is, in fact, a very regular feature that cyber security experts, researchers and ethical hackers continue to discover every second day. Such confidential data have been leaked from government databases, international student bodies and many more sectors.
Given that we may continue to work from home extensively in the future, it is important for enterprises to impose a higher degree of vigilance when it comes to storing data in cloud servers and keeping them safe. Breaching of personal documentation is a regular cyber risk that can put anyone’s residential addresses and other particulars in the open, hence compromising their privacy if such cloud buckets fall in the wrong hands.