Another day, another data breach – this time, a database belonging to an American company named Rigup has surfaced online, containing highly sensitive data.
The company is known for providing services to energy companies across the United States along with hosting a labor marketplace.
Discovered by researchers at vpnMentor, the database contained over 76,000 confidential files totaling 100+ GB. This sheds light on the enormous damage that could have been caused had a malicious actor gotten their hands on the database instead.
It all started on 8th March 2020 when an Amazon Web Services (AWS) S3 bucket named “ru” was discovered, containing files that tied ownership of the database to Rigup.
Afterward, the researchers informed both the company and Amazon, receiving a response from the former on 8th April, when it “took full responsibility for the leak and guaranteed a root cause analysis would be conducted.”
Spanning almost 2 years, from July 2018 to March 2020, the files contained a variety of sensitive information involving different stakeholders, including clients, potential job candidates/applicants, and contractors.
Furthermore, files pertaining to human resources (HR) exposed personally identifiable information (PII) such as social security numbers, DOBs, photos, insurance policy numbers, tax forms, addresses, and phone numbers.
Moreover, resumes of employees and job seekers were also present, giving out even more information, such as one’s education, which could be utilized in social engineering attacks.
Example of what was leaked:
Another chunk of the files included insurance documents, project outlines, proposals, and applications related to corporate relations between different energy firms.
By not securing its database, RigUp – a billion-dollar company – compromised the safety and security of the 1,000s of people across the USA. Had malicious hackers discovered this database, it would have been an absolute goldmine for various fraud schemes and criminal attacks against everyone involved, said vpnMentor’s team in a blog post.
To conclude, incidents like this are common in the cybersecurity industry because so little complexity is involved, even though they can easily be guarded against by following a set of recommendations.
Some of the steps to secure databases are simple, yet database administrators do not implement them. For instance: securing all databases with strong passwords and two-factor authentication; implementing an access-based control mechanism that grants access to employees only according to their needs, which would reduce the risk of phishing; encrypting the data so it is useless if stolen; and, in this case, keeping the S3 bucket private.
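As an added illustration of the last recommendation (this is not code from the article or from vpnMentor, and it assumes nothing about how Rigup's bucket was actually configured), the following Python sketch audits a bucket's settings for public access paths. The inputs are constructed samples shaped like the responses of the S3 `GetBucketAcl`, `GetBucketPolicy` and `GetPublicAccessBlock` APIs; the function names and the `example-bucket` ARN are hypothetical.

```python
import json

# Predefined S3 ACL groups that make a grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def public_acl_grants(acl):
    """Permissions granted to public groups in a GetBucketAcl-shaped dict."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]

def public_policy_statements(policy_json):
    """Sids of Allow statements open to any principal.
    Simplification: any Condition is treated as restricting access."""
    stmts = json.loads(policy_json or "{}").get("Statement", [])
    if isinstance(stmts, dict):  # a single statement may be a bare object
        stmts = [stmts]
    hits = []
    for i, s in enumerate(stmts):
        p = s.get("Principal")
        aws = p.get("AWS") if isinstance(p, dict) else p
        wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
        if s.get("Effect") == "Allow" and wildcard and not s.get("Condition"):
            hits.append(s.get("Sid", f"statement[{i}]"))
    return hits

def audit_bucket(acl, policy_json, pab):
    """Return findings; an empty list means no public path was found."""
    pab = pab or {}  # no Public Access Block configured at all
    findings = []
    grants = public_acl_grants(acl)
    # Only IgnorePublicAcls neutralises public ACLs that already exist.
    if grants and not pab.get("IgnorePublicAcls"):
        findings.append(f"public ACL grants: {sorted(grants)}")
    stmts = public_policy_statements(policy_json)
    # Only RestrictPublicBuckets limits a public policy already attached.
    if stmts and not pab.get("RestrictPublicBuckets"):
        findings.append(f"public policy statements: {stmts}")
    return findings

# Constructed sample: a bucket with a public-read ACL and an open policy.
ACL = {"Grants": [{"Grantee": {"Type": "Group",
       "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
       "Permission": "READ"}]}
POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OpenRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
LOCKED = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
          "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
```

With no Public Access Block the sample bucket yields two findings; with all four settings enabled it yields none, which is why enabling them account-wide is the usual baseline for keeping buckets private.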
This, however, is not the first time a misconfigured S3 bucket has exposed such a trove of data. Just a few days ago, a “secure” cloud storage provider exposed millions of customers’ data in plain text. In another incident, a misconfigured S3 bucket exposed the US military’s social media spying campaign to the public.