Cloud Security, Privacy

Unsecured Azure Blob leaks over 40K US students’ data

Microsoft Azure company logo on a website with blurry stock market developments in the background, seen on a computer screen through a magnifying glass.

Digital Pix & Composites, a professional photography firm specializing in graduation, fraternity, and sorority composites, had personal information from 43,000 students from 222 universities across the U.S., including Stanford University, the University of Maryland, University of Texas, and Washington University, exposed as a result of a misconfigured Microsoft Azure Blob instance, according to Cybernews.

Discovered within the 469 text files found from the exposed online storage service were individuals' full names, addresses, attended schools, and affiliated fraternities or sororities, reported the Cybernews research team.

Digital Pix & Composites was already informed regarding the compromise but has not yet acted to secure the database, noted researchers, who emphasized that the exposed information could be leveraged by attackers to facilitate doxing, spear-phishing, and social-engineering attacks.

Organizations have been urged to mitigate compromise by tracking access logs for unauthorized access, ensuring updated Azure Blob permissions and access controls, omitting unneeded public access configurations, and bolstering logging and monitoring activities.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.