Data Leaks – The Threat Within
When we hear talk of data security, we often think of hackers. Mysterious figures attempting to access sensitive information for personal gain. Often though, the cause of data breaches can be much more innocent. While it may be comforting to hear you’re protected against external threats, sometimes the biggest dangers come from within.
Here are some high-profile examples of data overshare that didn’t require any hacking because internal processes left the door wide open.
In May 2020, Mercedes-Benz parent company Daimler had 9GB of company data leak due to a flaw in the access procedures for its collaborative spaces.
A Swiss-based researcher discovered a Daimler GitHub, a site used by developers to work collaboratively and store data. The researcher was then able to sign up for access using an unverified email address and access all of the data.
There was no check on which emails were authorised to use the site. Ideally, Daimler would have prevented access to any unverified or external email addresses.
In 2014, actor Peter Capaldi was about to take over one of the most talked-about roles in television, The Doctor in the new series of Doctor Who. With excitement building over the new series and new Doctor, the tension was broken by the leak of unfinished film and scripts from the show.
The BBC had uploaded the files to a publicly accessible FTP site to share with an overseas studio working on the show. The leak included six unfinished episodes, which staff and fans struggled to contain in an effort to prevent them ruining the show for other viewers.
Surely Facebook, a titan of the modern online landscape, would be water-tight on security. Well, you probably don’t need us to point out that’s just not true, but here’s an example anyway.
In 2019, Facebook, already facing heavy criticism over data security, confirmed that data on up to 400 million accounts was unprotected and could be accessed by anyone looking for it. The data included phone numbers and Facebook IDs of users from all across the world.
Jake Moore, cybersecurity specialist at ESET, said that “it seems crazy that personal data of this magnitude could be on a server unprotected, but this just highlights how data gets forgotten about and mistakes can happen.”
These examples serve as high-profile reminders that mistakes can and will happen. Most of the time it won’t be a hacker threatening your data security but someone just trying to do their job who made an innocent mistake.
With proper processes and the right support, you can identify data overshare and minimise the risk to your business.
You can discover how ProvisionPoint help businesses secure their collaborative workspaces here.