Breach, Channel partners, Content

Microsoft Azure Cloud Data Leak: User Error?

Credit: Microsoft Azure

An unprotected Microsoft cloud server database has exposed sensitive data from more than 80 million American households, hacktivists Noam Rotem and Ran Locar told vpnMentor. Microsoft has notified the database owner, and the database has been removed.

The 24 GB database included details about the number of people living in each household with their full names, marital status, income bracket, age and other sensitive information, vpnMentor stated. It was discovered as part of a web mapping project in which port scans were used to evaluate IP web blocks.

User Error Rather Than Microsoft Misstep

The massive public cloud data leak apparently involved user error rather than security issues at Microsoft Azure. Similar exposures surface regularly on Amazon Web Services (AWS), where users sometimes fail to properly configure their cloud settings to meet certain privacy settings.

Microsoft, Amazon and other cloud service providers have been launching numerous security-related tools and monitoring technologies to help partners and customers further lock down public clouds.

But one of the weakest links -- user configuration error -- remains a massive problem. Security consultants have been scouring public clouds for the configuration mistakes. Once discovered the consultants often publicize the exposures -- both to earn attention but also to help users properly lock down their deployments.

AWS Data Leaks Persist

In addition to the aforementioned Microsoft data leak, several Amazon Web Services (AWS) data leaks recently were discovered, including:

A cloud data leak puts an organization, its employees and its customers in danger. However, a virtual private network (VPN) ensures an organization can securely send and receive data across its networks and devices and minimize the risk of a cloud data leak, vpnMentor noted.

In addition, MSSPs can teach organizations about cloud data security and ensure they take the necessary steps to prevent cloud data leaks. MSSPs also can provide services to protect organizations' cloud environments against internal and external cyber threats.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.