Domain: upguard.com
Stories and comments across the archive that link to upguard.com.
Comments · 2
-
Re:governments/regulators will do ?
They don't know whether or not customer data was exposed. When you give up the keys to the kingdom, logs can't be trusted.
That's an assumption based on
... what, pray tell? From TFA: Said bucket, named “pinapp2,” contained the “keys to the kingdom,” according to the security firm, including internal network diagramming, network hardware configuration photos, details and inventory lists—as well as lists of plain text passwords and AWS secret keys for Pocket iNet employees.Also: “Documents containing long lists of administrative passwords may be convenient for operations, but they create single points of total risk, where the compromise of one document can have severe and extensive effects throughout the entire business,” noted UpGuard.
“If such documents must exist, they should be strongly encrypted and stored in a known secure location,” said the firm.
“Unfortunately, a single folder of PocketiNet’s network operation historical data (non-customer) was publicly accessible to Amazon administrative users,” the ISP said in a statement to Motherboard. “It has since been secured.”
The report from UpGuard is interesting and informative reading. As nasty as this breach was, there's certainly no indication that customer data was exposed other than a list of priority corporate customer names. There's certainly the possibility that PocketiNet’s network could have been breached if a bad actor stumbled across the exposed AWS bucket, but there's no evidence that this actually happened.
-
Why this leak?
Honestly curious: why has this raised so much more ire than, for example, another recent huge leak of data on 200 million Americans by the RNC, which included âoemodeled voter ethnicities and religions"? https://www.upguard.com/breach...