
Data of more than 2 million Dow Jones customers exposed after Amazon AWS S3 downtime

  

Earlier this year, a serious Amazon AWS S3 outage left the main Amazon S3 data center unresponsive, resulting in the longest and most influential public cloud service outage in AWS history.

Just a few months later, a security incident involving Amazon AWS S3 cloud data has again attracted the attention of kaivps.com.

According to the latest news from foreign media, the "private information" of 2.2 million Dow Jones customers, including "Wall Street Journal" subscribers, has been accessed without authorization because an Amazon cloud storage server was configured incorrectly.

After the incident, a Dow Jones International spokesman said that the information was overexposed on Amazon AWS rather than on the open Internet. "This is due to internal errors, not hackers or attacks."

The affected data include name, email address, address, internal account details, the last four digits of credit card number and emergency contact telephone number.

It is understood that a Dow Jones spokesman described the data as "basic contact information" and said that "it does not include the complete credit card or account login information that may pose a major risk to consumers or need to be notified". He said that the company had no evidence that the information had been passed on. According to the security research company UpGuard, it reported the security problem to Dow Jones in early June. The Dow Jones data was discovered in an Amazon Simple Storage Service (S3) repository. According to UpGuard, the repository was configured incorrectly and could be accessed by any user with an Amazon Web Services (AWS) account.

It is reported that more than one million users have registered an account on Amazon's cloud computing platform. The service is free.

According to the research report, "It is not difficult for hackers to use phishing messages to attack the exposed customers. In an e-mail presented as official, with the sender claiming to be 'The Wall Street Journal' (WSJ), the message could notify customers that their subscriptions had expired or been stolen. The hackers might successfully persuade these high-value targets to provide credit card information, login credentials, etc."

UpGuard also found data from Dow Jones Risk and Compliance Services, which collects information about high-risk individuals and organizations to help companies comply with regulatory obligations related to money laundering, bribery, corruption and sanctions.

Dow Jones spokespeople said the data were limited to public channels such as newspaper articles and government watch lists. "It does not contain any customer information."

In addition, foreign media reported that this was not the first time that UpGuard had found security-sensitive data in an Amazon S3 repository. Last week, the company reported that the names, addresses and personal identification numbers (PINs) of millions of Verizon customers were found in a publicly accessible Amazon S3 "bucket". The event was the result of human error at NICE Systems, a data analysis provider used by Verizon.

In the past few years, the personal information of millions of people, including children, has been exposed. Because of configuration errors, the databases of various companies have been publicly accessible on the Internet. These events indicate that organizations need to better understand the access control mechanisms that apply when moving data to the cloud.
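The two exposures described above ("any user with an AWS account" for Dow Jones, "publicly accessible" for Verizon) can be checked for in a bucket's access control list. The following is an added example, not code from the article or from UpGuard: it assumes the exposure is expressed as an ACL grant to S3's AuthenticatedUsers or AllUsers group (bucket policies are a separate route and are not covered), and the bucket names and owner ID are constructed placeholders.

```python
# Added example, not from the article. ACL dicts follow the S3 GetBucketAcl response shape.
GLOBAL = "http://acs.amazonaws.com/groups/global/"
BROAD_GROUPS = {
    GLOBAL + "AllUsers": "anyone on the Internet",
    GLOBAL + "AuthenticatedUsers": "any holder of any AWS account",
}
# Effect of each ACL permission when it is granted on a bucket.
EFFECT = {
    "READ": "list the bucket's objects",
    "WRITE": "create, overwrite and delete objects",
    "READ_ACP": "read the bucket ACL",
    "WRITE_ACP": "rewrite the bucket ACL",
    "FULL_CONTROL": "do all of READ, WRITE, READ_ACP and WRITE_ACP",
}

def broad_grants(acl):
    """Yield (audience, permission) for each grant to an AWS-wide group."""
    for grant in acl.get("Grants", []):
        audience = BROAD_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if audience:
            yield audience, grant.get("Permission")

def audit(buckets):
    """Map bucket name -> findings; buckets with no broad grant are omitted."""
    report = {}
    for name, acl in buckets.items():
        found = [f"{perm} to {who}: can {EFFECT.get(perm, 'do unknown actions')}"
                 for who, perm in broad_grants(acl)]
        if found:
            report[name] = found
    return report

def tightened(acl):
    """Return a copy of the ACL with every AWS-wide group grant removed."""
    keep = [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") not in BROAD_GROUPS]
    return {**acl, "Grants": keep}

# Constructed sample data: bucket names and the owner ID are placeholders.
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
               "Permission": "FULL_CONTROL"}
AUTH_READ = {"Grantee": {"Type": "Group", "URI": GLOBAL + "AuthenticatedUsers"},
             "Permission": "READ"}
SAMPLE = {
    "example-subscribers": {"Grants": [OWNER_GRANT, AUTH_READ]},
    "example-private": {"Grants": [OWNER_GRANT]},
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Against a real account, the dictionary returned by boto3's `get_bucket_acl` call has the same `Grants` structure and can be passed to `audit` in place of the sample data.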