Microsoft Azure Cloud Data Leak: User Error?
An unprotected Microsoft cloud server database has exposed sensitive data from more than 80 million American households, hacktivists Noam Rotem and Ran Locar told vpnMentor. Microsoft has notified the database owner, and the database has been removed.
The 24 GB database included details about the number of people living in each household with their full names, marital status, income bracket, age and other sensitive information, vpnMentor stated. It was discovered as part of a web mapping project in which port scans were used to evaluate IP web blocks.
User Error Rather Than Microsoft Misstep
The massive public cloud data leak apparently involved user error rather than security issues at Microsoft Azure. Similar exposures surface regularly on Amazon Web Services (AWS), where users sometimes fail to properly configure their cloud settings to meet certain privacy settings.
Microsoft, Amazon and other cloud service providers have been launching numerous security-related tools and monitoring technologies to help partners and customers further lock down public clouds.
But one of the weakest links — user configuration error — remains a massive problem. Security consultants have been scouring public clouds for the configuration mistakes. Once discovered the consultants often publicize the exposures — both to earn attention but also to help users properly lock down their deployments.
AWS Data Leaks Persist
In addition to the aforementioned Microsoft data leak, several Amazon Web Services (AWS) data leaks recently were discovered, including:
- Alteryx: Misconfigured AWS cloud storage, exposing personal information from 123 million U.S. households.
- Verizon: Suffered two AWS-related leaks: a Verizon Wireless leak and a second exposure in which 14 million Verizon records were leaked.
- Time Warner Cable: Leaked 4 million customer records.
- WWE: Exposed 3 million customer records.
A cloud data leak puts an organization, its employees and its customers in danger. However, a virtual private network (VPN) ensures an organization can securely send and receive data across its networks and devices and minimize the risk of a cloud data leak, vpnMentor noted.
In addition, MSSPs can teach organizations about cloud data security and ensure they take the necessary steps to prevent cloud data leaks. MSSPs also can provide services to protect organizations’ cloud environments against internal and external cyber threats.