Poorly-configured online backup leaks US Air Force documents
Sensitive information related to the United States Air Force has been found exposed publicly on the internet, allowing anyone with a web connection to peruse them without authorisation and no need for a password.
The discovery was made by security researchers at MacKeeper who said that they had found gigabytes of files on an internet-connected backup drive that was not password-protected:
The most shocking document was a spreadsheet of open investigations that included the name, rank, location, and a detailed description of the accusations. The investigations range from discrimination and sexual harassment to more serious claims. One example is an investigation into a Major General who is accused of accepting $50k a year from a sports commission that was supposedly funneled into the National Guard.
As ZDNet reports, the names and addresses, ranks, and social security numbers of more than 4000 US Air Force officers were included in the stash of personal information.
Further documents included phone numbers and contact information for workers and their spouses.
Clearly some of the details exposed through the security lapse would be of value to foreign intelligence agencies and criminal gangs, and could lead to blackmail attempts or identity theft.
What we don’t know is how long the information has been accessible online, and we also do not know if anyone other than the security researchers had managed to stumble across the exposed information.
But the truth of the matter is that we shouldn’t ever have to find ourselves in a question to ask such questions.
Whenever you decide to store information on the internet, particularly sensitive data, you should be doing your utmost to ensure that you have minimised the risk of it falling into the wrong hands.
That means always keeping your computer patched and running an up-to-date anti-virus, using encryption, enabling passwords and ensuring that the password chosen is a strong one, turning on additional authentication checks such as two-step verification and restricting the range of trusted IP addresses from where users can login from.
Finally, if something doesn’t need to be stored online – maybe it be wiser not to store it online in the first place?
The Holiday Guide to Tech Support: Fixing the Family Computer
November 24, 2021
Bitdefender Celebrates 20 Years of Cybersecurity Leadership
November 04, 2021
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords
October 26, 2021
What are drive-by download attacks and how do you prevent them?
October 25, 2021
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks
October 22, 2021
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals
October 20, 2021