Poor security policies, storage misconfigurations, and human error can lead to the unintentional exposure of sensitive or confidential information.
Cybersecurity researcher Jeremiah Fowler recently stumbled upon a non-password-protected database that exposed over 700,000 documents from Australia’s leading smoke alarm installation and maintenance service online.
According to Fowler’s analysis, the data included 107 GB of files and documents from Smoke Alarm Solutions, including:
Source: vpnMentor
Following the discovery of the unprotected database, Fowler sent a responsible disclosure notice to inform the company of the leak, to which the company replied:
“We are aware of this data store. Its state is the unfortunate side effect of some work by a previous system integrator. We are actively migrating to a new customer management platform. We will block all access (or more likely, decommission) this data store as soon as we have migrated the data to our new platform”
Despite the disclosure, the researcher said the records remained accessible for about two months before the company restricted access.
All leaky databases come with privacy risks. In this case, if malicious actors had accessed and stolen the information, they could have unleashed highly convincing and targeted social engineering schemes against customers and technicians.
“Hypothetically, criminals could contact the property owner and reference the locations of alarms, installation date, invoice numbers, subscription plans, name of the technician, inspector, and other internal details to gain access to the property for criminal activities,” Fowler warned. “Another potential risk would be the alteration of an invoice to falsely claim there is an outstanding payment due and attempt to receive money, credit card data, or banking information.”
Now, while there is no evidence of misuse or that cybercriminals accessed and exfiltrated records from the company, the researcher urges customers to stay vigilant and adopt healthy cyber habits:
Pro tip:
Chat with Scamio, our AI-powered scam detector, online, via Facebook Messenger or WhatsApp. To receive recommendations and thwart security threats, just describe the details of a possible scam, copy-paste links, or upload screenshots and QR codes.
At Bitdefender, we put your security and online privacy above all else. On top of our award-winning security solutions to protect your devices against all phishing to fraudulent websites, opt for Bitdefender’s Digital Identity Protection service so you can stay on top of data breaches and leaks that can impact your identity and security.
Our dedicated identity protection service offers 24/7 alerts, a complete overview of your online footprint, and the industry's first Identity Protection Score, which helps you quickly understand the extent of a data breach and how it can impact your online safety, privacy and finances.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsDecember 19, 2024
November 14, 2024