Windows 10 News and info | Forum
December 15, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: 1.2 BILLION people’s data found on Google Cloud server single-source data leak  (Read 88 times)
riso
Administrator
Hero Member
*****
Offline Offline

Gender: Male
Netherlands Netherlands

Posts: 6167


Beta tester Tech support dedicated 110%


WWW Email
« on: November 23, 2019, 06:06:40 PM »
ReplyReply

Profiles and contact info found on unsecured Google Cloud server. A massive four-terabyte trove of sensitive personal data belonging to over a billion profiles has been found on an unsecured Google Cloud server - its owner still a mystery - in one of the largest single-source data leaks ever.
The mountain of data, including phone numbers, email addresses, and social media profiles, was sitting unprotected on an anonymous server hosted on the Google Cloud when security researchers Vinny Troia and Bob Diachenko found it while scanning for vulnerabilities last month. After they reported the massive exposure to the FBI, it disappeared within hours. It’s not clear who accessed it before Troia and Diachenko, and what they did with the data, but the sheer enormity of the leak, with 1.2 billion unique data profiles potentially slurped up by malicious actors, is enough to cause alarm.
The information was likely obtained in four chunks from so-called “data enrichment” companies, Troia suggested in a blog post on Friday announcing his discovery. These entities allow a customer to use a single piece of information on a person, even just their name, to access potentially hundreds more data points - anything from email address to preferred social activities. Two data enrichers - People Data Labs and OxyData.io - were discovered to be the sources for the data on the rogue server.
However, after communicating with both companies, Troia was satisfied that the server did not belong to either. Its owner could have bought the data from them and just left it lying around unsecured - without any further information about the server’s owner, there was little that could legally be done.
That doesn’t solve the problems of the 1.2 billion people whose private information is now floating around in the ether. Data enrichers pass the responsibility for securing the data they sell onto the customers as soon as the transaction is completed. If that customer’s security lapses, no one is responsible for telling the person whose data is now being pilfered by who knows how many malicious actors that they’ve - as a popular site for learning what your data is up to puts it - been ‘pwned.’ As usual, data privacy law lags far behind technology.
Via rt.com, pic © Pixabay / marcusspiske
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page December 06, 2019, 12:12:28 PM