Experts Insight On Israeli Firm Leaks Addresses Of Millions Of Americans & Europeans

Date: 2020-03-02

It has been reported that Israeli marketing company Straffic leaked the sensitive personal data of millions of unsuspecting users, mostly from the US and Europe. The leak was caused by a misconfigured Elasticsearch database. Unlike other data breaches involving the search engine software Elasticsearch, where misconfigured databases are accessible without a password, the database in this case was password-protected. However, the password to access it was stored in a plaintext file exposed to the public on another domain. The database was originally identified by a security researcher, “@0m3n”, who gained access to 140 GB worth of records. These included 49 million unique e-mail addresses, names, gender, telephone numbers and addresses of Americans and Europeans.

EXPERTS COMMENTS
Raif Mehmet, Sales Director, Bitglass
March 02, 2020
Proxying all traffic to the server introduces a zero trust cloud which leads to contextually aware network access.
PII (personally identifiable information) stored on servers in the cloud or web facing should be protected, and for European data under GDPR must be protected. Since this server was clearly accessible via the web and there was no network perimeter security challenging potential hackers, the best way to secure this type of service is with a Zero Trust CASB. Proxying all traffic to the server intr ....
Adam Brown, Manager of Security Solutions, Synopsys
March 02, 2020
A model of the design of the system with a threat model overlaid would have identified the key to the database as an asset.
When controlling and processing huge amounts of data like this, firms have a huge responsibility to process it legitimately and securely. I’m sure there will be questions from the supervisory authorities of the home nations of the European persons represented in that list – did the firm really have the right to keep and process each one / any of those personal records? That in itself is a major ....
