The recent mistaken exposure of the information of 8 million people due to an open Elasticsearch database exposed the danger not only of cloud storage security, but the importance of individuals keeping their personal information close to the vest.
Security researcher Sanyam Jain came across a database belonging to Ifficient, a company that gathered leads to sell by posting surveys and sweepstake offers. Those who went for the offers gave up a wide range of information, including their name, address, sex, phone number and email, Bleeping Computers reported. All this information eventually made its way into the open data base. Luckily, Jain was able to quickly find the discover the owners, he told Bleeping Computer.
Additionally, Ifficient quickly responded to the inquiry about the open data base and locked it down by May 11.
Colin Bastable, CEO of Lucy Security, did have a few choice thoughts for the people who decided it was a good idea to trade their PII for a chance at a sweepstake prize.
“As for the unsecured survey database, this is definitive evidence that at least 8 million of my wonderful fellow Americans are naive enough and greedy enough to believe in the tooth fairy. These 8 million people are probably already well known victims of the Dark Web,” he said.
