Photo by Trevor Cleveland on Unsplash

Unofficial End of Summer Brings Bevy of Cloud Breaches

It’s beginning to feel a lot like Groundhog Day when it comes to data breaches in the cloud.

Groundhog Day wasn’t one of my favorite movies. If you haven’t seen it, it’s a 1993 movie starring Bill Murray who plays a weatherman who is sent to cover the weather forecasting groundhog only to discover that he is living Groundhog Day over and over and doing the same thing every day.

It’s beginning to feel a lot like Groundhog Day when it comes to data breaches in the cloud.

News broke over the holiday weekend (and it was most certainly not a slow news weekend), and it must have been a bad news weekend for many members of the military and intelligence agencies.

According to numerous news reports, the data on thousands on military and intelligence personnel were allegedly available for public access via unsecured AWS S3 bucket. A story in The HillThousands of military contractor files allegedly left online, unsecure explains that the files included personal contact information, such as addresses, phone numbers and private email addresses.

 “Chris Vickery, a researcher at security firm Upguard, said he discovered the unsecured set of resumes on a public-facing Amazon cloud server in July that was not protected by any form of login. Typically, this is the result of misconfigured security settings,” Joe Uchill of The Hill wrote.

The files are reportedly job applications filed to a North Carolina-based security firm TigerSwan. According to TigerSwan, the breach occurred with work it had contracted through a recruitment firm TalentPen.

According to reporting in The Hill story, the entire ordeal is a great example of the risks of both relying on third-parties to secure sensitive data as well as leaving cloud storage unchecked:

When Upguard contacted TigerSwan in July, TigerSwan said it believed Upguard was in error since TigerSwan does not store resumes on the Amazon cloud and since it believed TalentPen had both encrypted and deleted its copies. 

At the end of August, Upguard contacted Amazon, which had TalentPen remove the files, but did not reveal to Upguard that TalentPen was the customer. TigerSwan claims TalentPen never notified them, either.

“TalentPen never notified us of their negligence with the resume files nor that they only recently removed the files,” TigerSwan said in a statement.

TigerSwan said it was unaware that TalentPen had made the error until The Hill contacted them for a story earlier this week and raised the possibility that a recruiter had left the files online. Until then, TigerSwan argued the files were not theirs. 

“It was only when we reached out to [TalentPen] with the information on August 31st did they acknowledge their actions,” TigerSwan said in their statement. 

While that is certainly bad enough, it unfortunately the only big breach heading into the holiday weekend. On Friday, it was reported by MacKeeper Security Research Center that a cloud breach made some personal information pertaining to millions of Time Warner Cable customers publicly accessible.

This data breach was reportedly made possible by – you guessed it – a storage repository that was not properly configured and therefore anyone who knew how to look to access those data. “It is most likely that they were forgotten by engineers and never closed the public configuration. This would allow anyone with an internet connection to access extremely sensitive documents. Not only could they access the documents but any “Authenticated Users” could have downloaded the data from the URL or using other applications. With no security in place just a simple anonymous login would work,” Bob Diachenko wrote in their post.

Additionally, according to MacKeeper, the cloud storage held a considerable amount of sensitive information and would take weeks to go through the data.

All of these stories ring familiar, as we covered similar events happening to Verizon and Dow Jones in Their Own Worst Enemy or earlier this year when we covered a string of data breaches involving poorly configured databases in Hadoop, CouchDB Users Latest Attack Targets.

Let’s face it, much like Bill Murray in 1993’s Groundhog Day, if organizations don’t get a handle on keeping their cloud deployments secure we’re going to continue to be writing and reading about such breaches next year, and the next year, and the year after that and we’re all going to know exactly how it feels to repeat the same day over and over. My guess is we won’t find it any more fun than Bill Murray’s lead character did.

About George Hulme

George V. Hulme is an internationally recognized information security and business technology writer. For more than 20 years Hulme has written about business, technology, and IT security topics. For five years, Hulme served as senior editor at InformationWeek magazine, he covered the IT security and homeland security beats. His work has appeared in CSOOnline, ComputerWorld, Network Computing, Government Computer News, Network World, San Francisco Examiner, TechWeb, VARBusiness, and dozens of other technology publications.

More posts by George

Tags: , , ,