Exposed files saw 50 percent uptick in last year

In the year since the Digital
Shadows Photon Research Team released its “Too Much Information” report, the
volume data exposed through online files stores like Amazon S3 buckets,
SMB-enabled file shares, and network attached storage (NAS) drives increased 50
percent – or 750 million files – in with researchers finding 2.3 billion files
exposed.

The information made vulnerable includes everything from passport scans and bank statements to credentials to health care and medical information. About half of the files were exposed through the Server Message Block protocol for file sharing, Digital Shadows said in its report, “Too Much Information: The Sequel.”

Misconfigured FTP services were responsible for 20 percent of the exposed files while Amazon S3 buckets accounted for eight percent and rsync, 16 percent. Thought they get a lot of publicity, the number of exposures on S3 servers actually decreased, the report showed. The exposures, many through third parties, present a challenge for companies trying to adhere to GDPR and other privacy and data protection guidelines.

“Our research shows that in a GDPR world, the
implications of inadvertently exposed data are even more significant. Countries
within the European Union are collectively exposing over one billion files –
nearly 50% of the total we looked at globally – some 262 million more than when
we looked at last year,” said Photon Research analyst Harrison Van Riper. “Some
of the data exposure is inexcusable – Microsoft has not supported SMBv1 since
2014, yet many companies still use it. We urge all organizations to regularly
audit the configuration of their public facing services.”

More than 17 million exposed files were found to have
been encrypted by ransomware, particularly the “NamPoHyu” variant, which accounted
for 2 million files.