Data Storage Digest

Do-It-Yourself Windows File Recovery Software: A Comparison

results »

Wall Street Journal Customer Data Exposed

When you sign up to any online service, no matter how secure they claim to be, there’s always a risk that your data is going to end up in the wrong hands. It’s never possible to have a completely fool-proof system – and just because a company is large, doesn’t necessarily mean their security is going to be better than anyone else.

That’s been proven the case when more than 2 million Dow Jones customers have been left compromised. Dow Jones, the parent company of publications such as The Wall Street Journal and Barron’s, made a mistake in the access preferences of their cloud storage system.

Names, addresses, account information and the last four digitals of credit cards were viewable by anyone who had an Amazon Web Services account.

The exposure was found by Chris Vickery, director of cyber risk research at UpGuard, while he was looking for exposed data on the server. Dow Jones claimed to have rectified the issue a week later after Vickery reported it to them. Dow Jones have said that they “have no evidence of any of the over-exposed information” being taken.

It seems this issue occurred when a Dow Jones employee set the AWS bucket to be viewed by all AWS users, by the setting “Authenticated Users”, and not simply all employees of the company. By default, data is only available to the person who uploads it, but this can be adjusted so that files in a certain collection can be viewed or edited by others.

A similar thing happened previously with Verizon, when names, addresses and PINs of some customers were exposed on the platform. Verizon blamed that one on human error, saying that an employee of one of their contractors was at fault. Again, this was only discovered by a cybersecurity company – who knows how many companies are in similar situations without being aware.

Dow Jones chose not to let their customers know about the problem because no data was stolen and it didn’t include full credit card information or account login details that could pose a risk. However, the Wall Street Journal did report the story.

Experts in cybersecurity are warning that these types of leaks are probably going to become more common as companies turn to cloud storage solutions. While cloud storage is great for scalability, if they don’t understand security protocols then it can lead to problems like these.

Are the cloud storage providers themselves – in this instance, Amazon – to blame? AWS leads the way when it comes to enterprise storage, but they claim to operate a shared responsibility model. While Amazon provides the physical security and the platform, they give their customers the encryption tools and best practices to help them maintain their security. Perhaps some of these companies need to engage better with Amazon’s suggestions, and employ their own specialists, to better protect their customer’s data.

“When you have these complex systems and you force humans to solve the problem manually, we make mistakes,” says Nathaniel Gleicher, former director of cybersecurity during Obama’s administration. “Complexity is the enemy of security.”

Comments

No comments yet. Sign in to add the first!