Sprint Contractor Left AWS Bucket Containing Thousands Of Mobile Phone Bills Exposed

It has been reported that a contractor working for mobile giant Sprint stored hundreds of thousands of cell phone bills of AT&T, Verizon and T-Mobile subscribers on an unprotected cloud server. The AWS storage bucket had more than 261,300 documents, the vast majority of which were phone bills belonging to cell subscribers dating as far back as 2015. It was not protected with a password, allowing anyone to access the data inside. It’s not known how long the bucket was exposed.


EXPERT COMMENTS
Colin Bastable, CEO, Lucy Security
December 07, 2019
The open nature of the database also supports the marketing/sales angle.
If American consumers knew how careless third parties are with their data, they would – or should – be shocked and angry. Presumably, this is either a sales or marketing contractor, hired to switch-sell customers from competitors, or a reseller working on cross-selling campaigns. A reseller would have access to multiple telcos’ subscribers. The open nature of the database also supports th ....
Satya Gupta, CTO, Virsec
December 05, 2019
Organizations need to establish much stronger controls on who can set up and access cloud storage.
We’ve seen this same pattern of carelessness over and over. Far too many people with access to sensitive data can far too easily upload it to AWS or other cloud services, without ensuring basic security. Organizations need to establish much stronger controls on who can set up and access cloud storage. The bar also needs to be much higher for the cloud providers. AWS and others like to wash t ....
Jonathan Deveaux, Head of Enterprise Data Protection, comforte AG
December 05, 2019
A more effective approach is to think ‘security first’.
It’s not that AWS or any other cloud service provider (CSP) isn’t secure, it’s what people with good intentions fail to do when putting sensitive data in the cloud. They fail to remember (or simply do not know) that some default configurations at CSPs do not ‘turn on’ effective (or even basic) data security - you have to activate security yourself, or only put data that’s already sec ....