More than 2.3 billion documents, including highly sensitive customer data, are believed to be sitting on publicly accessible online storage systems, putting companies across the world at risk of breaching data protection legislation.
According to security research firm Digital Shadows, this figure has risen by nearly 750 million in the past 12 months alone.
Despite the sharp rise in the total number of files left exposed, researchers did see a decline in the number of files being leaked through so-called simple storage service (S3) "buckets" on Amazon Web Services, which have in the past been responsible for some of the largest data leaks.
Experian data on millions of American and British consumers was exposed in 2017, while similar leaks also hit the NSA, WWE, Accenture and, most recently, a third-party app built from Facebook data.
Due to changes in the way S3 buckets are configured, researchers found only 1,895 exposed files on May 16, compared to around 16 million prior to default encryption being added.
However, this is overshadowed by a dramatic rise in the number of files exposed through the server message block (SMB) protocol, amounting to 1.1 billion or roughly 48% of exposed business documents.
This compares against 20% of files made public through misconfigured FTP services, and 16% of the 2.3 billion documents exposed via rsync sites.
Another example centred on medical data, with 4.7 million medical-related files exposed. The majority of these were medical imaging files, which doubled in volume from 2.2 million last year to 4.4 million today.
Photon Research analyst Harrison Van Riper said: "Our research shows that in a GDPR world, the implications of inadvertently exposed data are even more significant. Countries within the EU are collectively exposing over a billion files - nearly 50% of the total we looked at globally - some 262 million more than when we looked at last year.
"Some of the data exposure is inexcusable - Microsoft has not supported SMBv1 since 2014, yet many companies still use it. We urge all organisations to regularly audit the configuration of their public facing services."
DataIQ is a trading name of IQ Data Group Limited
Copyright © IQ Data Group Limited 2024