upguard
Latest
Amazon AWS error exposes info on 31,000 GoDaddy servers
Data leaks are par for the course these days, and the latest company to be involved in one is GoDaddy. The company, which says it's the world's top domain name registrar with over 18 million customers, is the subject of a new report from cybersecurity firm UpGuard that was shared exclusively with Engadget. In June, cyber risk analyst Chris Vickery discovered files containing detailed server information stored in an unsecured S3 bucket -- a cloud storage service from Amazon Web Services. A look into the files revealed multiple versions of data for over 31,000 GoDaddy systems.
A look at the ad-targeting tools AggregateIQ left exposed online
Throughout discussions about Cambridge Analytica, parent company Strategic Communication Laboratories (SCL) and how they came to obtain information on some 87 million Facebook users, you've probably also heard the name AggregateIQ. The Canada-based data firm has now been connected to Cambridge Analytica operations as well as US election campaigns and the Brexit referendum. Now, cybersecurity firm UpGuard has discovered a large code repository that AggregateIQ left exposed online, and through that we're getting a better look at the company, what it does and how it does it.
UpGuard’s new security tool automatically spots firms' data leaks
Cybersecurity firm UpGuard discovered a lot of unintentionally exposed data last year. Among its findings were classified US Army and NSA data, 14 million Verizon customer records, personal information of nearly 200 million US citizens, Pentagon intelligence info, personal information of 1.8 million Chicago residents and intelligence data connected to intelligence contractor Booz Allen Hamilton. The company has repeatedly found sensitive data left exposed on unprotected servers and in all, it has discovered a massive sum of over 335 million records. But finding breaches can be a rather time-consuming process, which is why so many go undiscovered by the companies meant to be protecting the exposed data. However, UpGuard announced today that it's launching a service that automates the techniques the company's team has been using to hunt down data breaches, allowing its customers to spot exposed data in real time and secure them more rapidly.
Classified US Army and NSA data was stored on an unprotected server
Earlier this month, researchers at UpGuard reported that US military intelligence gathering data had been stored on a misconfigured Amazon Web Services S3 server that wasn't password protected and was publicly viewable. While the data in that leak appeared to consist entirely of collected public internet posts and news commentary, not private information, the team at UpGuard today reports another US government data leak, this time containing clearly classified information.
Pentagon left public intelligence gathering data on exposed server
Even intelligence gatherers aren't immune to making mistakes that leave data wide open. Researchers at UpGuard have revealed that the US military's Central Command and Pacific Command left "at least" 1.8 billion collected internet posts exposed on a misconfigured Amazon Web Services S3 server. Some of the data goes as far back as 2009. There doesn't appear to be any private content in the mix, and it's not clear that malicious intruders accessed it before the Department of Defense locked things down on October 1st (after notification from UpGuard). However, the exposure still raises concerns about both the government's approach to security and the kind of information it's collecting.
Accenture left four servers of sensitive data completely unprotected
UpGuard has yet again uncovered a trove of corporate data left unprotected, this time from major consulting and management firm Accenture. The data -- contained on four cloud-based storage servers -- were discovered by UpGuard Director of Cyber Risk Research Chris Vickery in mid-September and weren't protected by a password. Anyone with the servers' web addresses could download the stored information, which included decryption keys, passwords and customer info. And Accenture's client list includes a number of large companies. On its website, Accenture says its clients "span the full range of industries around the world and include 94 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500."
Voting machine supplier exposes 1.8 million voter records
Cybersecurity firm UpGuard has discovered that personal information from over 1.8 million Chicago residents was unintentionally exposed by voting machine supplier Election Systems & Software (ES&S). The backup files of voter data were found on an Amazon Web Services device and weren't protected with a password.
