The recent mistaken exposure of the information of 8 million
people due to an open Elasticsearch database exposed the danger not only of
cloud storage security, but the importance of individuals keeping their
personal information close to the vest.
Security researcher Sanyam Jain came across a database
belonging to Ifficient, a company that gathered leads to sell by posting
surveys and sweepstake offers. Those who went for the offers gave up a wide
range of information, including their name, address, sex, phone number and
email, Bleeping
Computers reported. All this information eventually made its way into the
open data base. Luckily, Jain was able to quickly find the discover the owners,
he told Bleeping Computer.
Additionally, Ifficient quickly responded to the inquiry
about the open data base and locked it down by May 11.
Colin Bastable, CEO of Lucy Security, did have a few choice
thoughts for the people who decided it was a good idea to trade their PII for a
chance at a sweepstake prize.
“As for the unsecured survey database, this is definitive
evidence that at least 8 million of my wonderful fellow Americans are naive
enough and greedy enough to believe in the tooth fairy. These 8 million people are probably already
well known victims of the Dark Web,” he said.
Gloss