SQL Server with Mr. Denny

Jul 8 2019   4:00PM GMT

For the Love of God, Stop Exposing Company Information

Denny Cherry


Companies (and the employees at them) need to stop posting private company information on the Internet. And they really need to stop posting private information in public spots with no password. Just last week yet another company was found to be doing something stupid. In this case, they had tons of information posted to an S3 bucket, and there was no password on the S3 bucket. In this S3 bucket, they had backups from systems, OneDrive backups from employees, credentials for customer environments, keys for their production environments, etc.

“System credentials can be found in a number of places in the Attunity data set and serve as a useful reminder of how that information might be stored in many places across an organization’s digital assets,” UpGuard researchers said in a report published yesterday.

This information should have never been posted to a publicly accessible location, much less one without a password. There’s no good reason why things like system credentials would be posted online.

As IT workers, we have to do better than this. We just have to. There are too many people out there who would do bad things with this information if they got their hands on it.

Do I have a solution? No, I don’t. But this really isn’t a problem that needs a technical solution. Whoever did this simply shouldn’t have done it. There is no excuse for exposing anything, much less this much information.

Denny
