1.5 billion sensitive documents on open internet - researchers

Washington - About 1.5 billion sensitive online files, from pay stubs to medical scans to patent applications, are visible on the open internet, security researchers said on Thursday.

Researchers from the cybersecurity firm Digital Shadows said a scanning tool used in the first three months of 2018 found mountains of private data online from people and companies across the world.

The unprotected data amounted to about 12 petabytes, or four thousand times larger than the "Panama Papers" document trove which exposed potential corruption in dozens of countries.

"These are files that are freely available" to anyone with minimal technical knowledge, said Rick Holland, a vice president at Digital Shadows.

Holland told AFP his team scanned the web and found unsecured files, adding "we didn't authenticate to anything".

The availability of open data makes it easier for hackers, nation-states or rival companies to steal sensitive information, Holland said.

"It makes attackers' jobs much easier. It shortens the reconnaissance phase," he added.

The researchers said in the report that even amid growing concerns about hackers attacking sensitive data, "we aren't focusing on our external digital footprints and the data that is already publicly available via misconfigured cloud storage, file exchange protocols, and file sharing services".

READ: Expect more 'hackers for hire' in 2018 - researchers

A significant amount of the data left open was from payroll and tax return files, which accounted for 700 000 and 60 000 files respectively, Digital Shadows said.

It noted medical files and lists were also weakly protected, with about 2.2 million body scans open to inspection.

Many corporate secrets were also out in the open including designs, patent summaries and details of yet-to-be-released products.

"While organisations may consider insiders, network intrusions and phishing campaigns as sources of corporate espionage, these findings demonstrate that there is already a large amount of sensitive data publicly available," the report said.

The researchers said about 36% of the files were located in the European Union. The United States had the largest amount for a single country at 16%, but exposed files were also seen around the world including in Asia and the Middle East.

About 7% of the data was in "misconfigured" Amazon cloud computing storage. Holland said the main problem was not in the cloud computing itself, but how users manage their data.

In some cases, users "are backing up their data to the [open] web without knowing it", Holland said.

The majority of the files found by Digital Shadows were exposed by poor security practices in servers and file-sharing protocols.

"Third parties and contractors were among the most common sources of sensitive data exposure," the report said.

* Sign up to Fin24's top news in your inbox: SUBSCRIBE TO FIN24 NEWSLETTER

ZAR/USD
16.81
(-0.26)
ZAR/GBP
21.34
(-0.12)
ZAR/EUR
19.02
(-0.13)
ZAR/AUD
11.73
(-0.21)
ZAR/JPY
0.15
(+0.60)
Gold
1681.70
(+0.13)
Silver
17.39
(+0.17)
Platinum
815.55
(+0.35)
Brent Crude
41.90
(+5.78)
Palladium
1949.00
(+0.59)
All Share
54722.38
(+2.85)
Top 40
50199.80
(+2.79)
Financial 15
11467.53
(+4.66)
Industrial 25
74264.52
(+2.52)
Resource 10
49969.31
(+2.29)
All JSE data delayed by at least 15 minutes morningstar logo
Company Snapshot
Voting Booth
Please select an option Oops! Something went wrong, please try again later.
Results
I'm not really directly affected
19% - 197 votes
I am taking a hit, but should be able to recover in the next year
26% - 268 votes
My finances have been devastated
29% - 296 votes
It's still too early to know what the full effect will be
26% - 261 votes
Vote