8 million give away PII data to vulnerable database

News by Doug Olenick

The recent mistaken exposure of the information of eight million people due to an open Elasticsearch database exposed the dangers of cloud storage security, & the importance of valuing PII data.

The recent mistaken exposure of the information of eight million people due to an open Elasticsearch database exposed the danger not only of cloud storage security, but the importance of individuals valuing their personal information.

Security researcher Sanyam Jain came across a database belonging to Ifficient, a company that gathered leads to sell by posting surveys and sweepstake offers. Those who went for the offers gave up a wide range of information, including their name, address, sex, phone number and email, Bleeping Computer reported. All this information eventually made its way into the open data base. Luckily, Jain was able to quickly discover the owners, he told Bleeping Computer.

Additionally, Ifficient quickly responded to the inquiry about the open data base and locked it down by 11 May.

Colin Bastable, CEO of Lucy Security, did have a few choice thoughts for the people who decided it was a good idea to trade their PII for a chance at a sweepstake prize.

"As for the unsecured survey database, this is definitive evidence that at least eight million of my wonderful fellow Americans are naive enough and greedy enough to believe in the tooth fairy. These eight million people are probably already well known victims of the Dark Web," he said.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Webcasts and interviews 

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop