Kromtech researchers recently found a misconfigured CouchDB database which affected information of 593,328 Alaskan voters.
“When the database was configured, administrators bypassed important security settings that were set to ‘public’ instead of ‘private,’ allowing anyone with an Internet connection to gain access [to] the repository,” Kromtech chief security communications officer Bob Diachenko wrote in a blog post analyzing the breach.
TargetSmart CEO Tom Bonier mentioned that the breach was due to the third party. “We’ve learned that Equals3, an AI software company based in Minnesota, appears to have failed to secure some of their data and some data they license from TargetSmart, and that a database approximately 593,000 Alaska voters appears to have been inadvertently exposed, but not accessed by anyone other than the security researchers on our team and the team that identified the exposure,” he said.
Kromtech vice president of strategic alliances Alex Kernishniuk said that system needs to be updated”This is yet another wakeup call for companies, governments, and political organizations to audit their networks, servers and storage devices and ensure they take the proper security precautions,” he said.
Kromtech also discovered another breach where it affected 3,065,805 WWE fans’ personal information and 48,000 Indian citizens’ personal data.
Dome9 co-founder and CEO Zohar Alon told eSecurity Planet by email that it’s more important than ever for companies to define strict controls and practices for the handling of sensitive data.
“Attackers are looking for two things: repositories with data of value to organizations, and weak security practices,” he said.
“As more data makes its way to the public cloud and security practices around CouchDB become more standardized and robust, attackers will shift their attention to other low-hanging fruit, and exploit commonly known security gaps such as misconfigurations,” Alon added.
“With 2017 having already set new records in terms of the magnitude of cyber attacks, boards should be aware that it’s only a matter of time until their organization will be breached since most still lack efficient security shields,” Bitdefender Senior eThreat Analyst Bogdan Botezatu said in a statement.
____________________________________________________________________________________________
Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.