Cybersecurity research team vpnMentor detected a severe breach in the database of cloud storage solutions company Data Deposit Box, putting the private info of a whopping 270,000 customers at risk. The incident also exposed personally identifiable information (PII), which could compromise the safety and identity of affected clients.
The vpnMentor team, headed by Noam Rotem and Ran Locar, determined that the breach occurred in an “open Amazon S3 bucket” which is held by Data Deposit Box. The info contained in the database covers a wide variety of sensitive details. This includes admin login credentials, IP addresses, contact details and globally unique identifiers for resources (GUIDs).
Usernames and passwords also appeared in plain text, as well as the customer’s local computer name. Aside from credentials and personal details, the leak also exposed customers’ files which they stored on the cloud service. Compromised details include file name, type, size and file path.
The company, which is known for offering secure cloud backup storage, has more than 350,000 customers across the globe. Its services involve continuous backups of files on an unlimited number of devices. Usually, its customers are individual users and small businesses. It is based in Canada and has a presence in 84 countries.
Upon discovering the leak on December 25, 2019, the team got in touch with Data Deposit Box on December 30, 2019, to share their research. They also provided information on how to address the problem. The company responded to vpnMentor and acted accordingly on January 6, 2020.
By that time, the firm closed the database. The cloud storage company also told the researchers that it has informed its customers regarding the issue and is working with them to safeguard their files and info.
‘Consequences for the entire industry’
The team noted that Data Deposit Box is not the only cloud storage service affected by this leak. According to them, “whenever a serious data breach occurs, it can have consequences for the entire industry.”
This is because other similar companies may face difficulties convincing new users to trust them and their service. On a brighter note, companies would be compelled to “do more” to ensure that they get customers’ trust and to provide more trustworthy services.
The vpnMentor team suggested that customers improve their online security to protect their privacy. They recommended using a VPN to encrypt their online activity, conceal their IP addresses and mislead potential hackers.