7 of Top 10 Breaches of 2021 Were in the Cloud (+ 3 Steps to Protect Yourself)

Last month, Security magazine posted an excellent roundup of the Top Ten Data Breaches of 2021. These breaches impacted over 50 million individuals, were globally dispersed, and struck industries including financial services, manufacturing and utilities, healthcare, and government.

While a couple of them were new leaks or aggregations of previously breached data, the vast majority were fresh breaches, and almost all of them contained PII and other sensitive data.

More importantly, 7 out of the 10 breaches were confirmed to be from data stored in publicly accessible cloud repositories, highlighting the importance of proper data access control for cloud data. 

| Breach | Description | Data Store |
| --- | --- | --- |
| Android Data Leak | Various Android apps store user information in third-party cloud databases that are either unprotected or inadequately protected | Cloud |
| Thailand Visitors | Data from over 100 million visitors to Thailand was being stored on an unprotected cloud-based database | Cloud |
| Raychat | 150M records from this Iranian social and business networking site were stored on an unsecured MongoDB instance | Cloud |
| Stripchat | Over 200M records of this adult cam site, including email addresses, usernames, and IP addresses, were stored on an unprotected Elastic cluster | Cloud |
| Socialarks | Over 200M records that contained PII, including those of high-profile celebrities, were available on an unsecured Elastic cluster | Cloud |
| Brazilian Database | Over 100M records including PII for Brazilian nationals were leaked. Based on the contents of the data, it is suspected to have originated from an Experian subsidiary in Brazil | Unknown |
| Bykea | Over 400 million records showing people's full names, locations, and other personal information were stored on an unsecured Elastic instance | Cloud |
| Facebook | Phone numbers, email addresses, and other personal data for over 500M users were leaked onto a hacker forum | Unknown |
| LinkedIn | LinkedIn data for over 700M users, likely from previous breaches in past years, was available for sale | Unknown |
| Cognyte | Over 5B records (a subset of which include passwords and other data) from previous breaches were aggregated onto an unprotected Elastic cluster | Cloud |

The clear takeaway here is that in the surge to move data to the cloud, typically in support of mobility and digital transformation initiatives, organizations are not taking sufficient steps to safeguard that data. Many of the breaches involved data stored in third-party services like MongoDB and Elasticsearch, which do offer adequate protection but require customers to make use of those controls.

Here are three steps you should be taking to implement data-centric security and keep yourself and your organization out of the news this year:

  • Take a Data Inventory - For any cloud-based data, make sure that you have your arms around what sensitive data is available, who has access to it, and how it’s protected. This sounds basic and obvious, and yet the examples above highlight the fact that many organizations are not taking this elementary and crucial step.

  • Identify Dark Data - This is the data that’s out there but isn’t being used or accessed. Typically placed in the cloud in anticipation of an upcoming project, it gets forgotten and, over time, left unguarded. At best, it’s money you’re burning needlessly and can recoup. At worst, it’s adding an unnecessary threat surface to your organization.

  • Implement a Data Access Recertification Process - While the first two steps will identify any existing exposures you need to shore up, this final step will ensure that you remain protected going forward. For any data access, institute a recertification process that ensures that needless data access privileges are periodically pruned to enforce the principle of least privilege.
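
The three steps above as a single review pass, added here as an illustration and not code from the article or its author. The record fields, store names, principals, and the 90-day idle threshold are assumptions, and the sample data is constructed.

```python
from datetime import date, timedelta

# Constructed sample inventory (step 1): what is stored, is it sensitive,
# is it reachable from the internet, and does it require authentication.
INVENTORY = [
    {"store": "es-analytics", "sensitive": True, "public": True, "auth": False},
    {"store": "mongo-signup-poc", "sensitive": True, "public": False, "auth": True},
    {"store": "s3-marketing", "sensitive": False, "public": True, "auth": False},
]

# Constructed access grants: (principal, store, last use or None if never used).
GRANTS = [
    ("alice", "es-analytics", date(2022, 1, 10)),
    ("etl-svc", "es-analytics", date(2021, 6, 1)),
    ("bob", "mongo-signup-poc", None),
    ("carol", "mongo-signup-poc", date(2021, 3, 15)),
    ("web", "s3-marketing", date(2022, 1, 14)),
]


def review(inventory, grants, today, max_idle_days=90):
    """Return exposed stores, dark-data stores, and grants to recertify."""
    cutoff = today - timedelta(days=max_idle_days)

    # Step 1: sensitive data that is public and unauthenticated is an exposure.
    exposed = [s["store"] for s in inventory
               if s["sensitive"] and s["public"] and not s["auth"]]

    # Step 2: a store nobody has touched since the cutoff is dark data.
    last_use = {}
    for _, store, used in grants:
        if used is not None and used > last_use.get(store, date.min):
            last_use[store] = used
    dark = [s["store"] for s in inventory
            if last_use.get(s["store"], date.min) < cutoff]

    # Step 3: grants never used, or idle past the cutoff, go to the
    # recertification queue so unneeded privileges can be pruned.
    recertify = [(p, st) for p, st, used in grants
                 if used is None or used < cutoff]
    return {"exposed": exposed, "dark": dark, "recertify": recertify}


if __name__ == "__main__":
    for finding, items in review(INVENTORY, GRANTS, date(2022, 1, 15)).items():
        print(finding, items)
```

In practice the inventory and last-use dates would come from the cloud provider's asset listing and access logs rather than hand-written records.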

Moving your organizational data to the cloud is necessary to drive digital transformation. It is important to apply best practices in how that data is migrated and protected once it’s there. This is what we do and how we help our clients. Please contact us if we can be of service to you.