Get an AI Summary of This Article
Want a quick summary? Let AI help you digest the key points from this article.
Summarize in
or
Over 600,000 sensitive files, including criminal histories, background checks, and property records, were left exposed online in an unprotected database owned by data brokerage SL Data Services, according to security researcher Jeremiah Fowler.
The breach, which was discovered in October, involved an Amazon S3 bucket that contained 644,869 PDF files totaling 713.1 GB, reported The Register. Fowler reported the issue multiple times over the course of two weeks, but the company did not respond to his efforts.
The exposed files contained personal details such as full names, addresses, phone numbers, email addresses, employment information, and even criminal records.
Among the data was information related to people convicted of serious offenses, including sexual misconduct, complete with case details and penalties. Though some of this data is publicly available, when combined with other information, it can create detailed profiles that increase the risk of identity theft, phishing, and other forms of cyberattack.
Fowler expressed concern about the potential dangers posed by the exposed data, noting that having access to personal and sensitive details allows criminals to target individuals, their families, and associates.
“The more information you have about someone, the easier it is to craft a convincing phishing attack,” he was quoted as saying. Criminals could use these records to obtain even more sensitive personal or financial information, adding to the security threat.
While SL Data Services eventually closed the S3 bucket, Fowler did not receive any acknowledgment or response from the company, The Register reported.
Secure Your Website With Cloudways Malware Protection Add-On
Cloudways’ built-in Malware Protection Add-on shields your site from threats without the need for extra plugins. Focus on growing your business, not troubleshooting security.
Despite no immediate evidence of malicious actors accessing the exposed files, the incident serves as a reminder of the risks associated with unsecured data.
SL Data Services, which provides property, background, and criminal data across the US, claims to offer various types of reports, including mortgage and tax information, crime records, and DMV data. Fowler noted that the database contained references to at least 16 different websites operated by the company, including PropertyRec, a site offering real estate and property research.
In addition to the lack of password protection, the database used easily identifiable file names, such as “First_Middle_Last_State.PDF,” which made the data easier to organize but also increased the risk of exposing personal information. Fowler suggests organizations storing sensitive data should implement stronger security practices, including using encrypted files, random identifiers, and regularly monitoring access logs for unusual activity.
This incident highlights the importance of securing sensitive information and the need for businesses to adopt stronger data protection practices. Using encryption, secure passwords, and carefully monitoring access to cloud storage can help prevent future breaches.
Get an AI Summary of This Article
Want a quick summary? Let AI help you digest the key points from this article.
Share This Article
Start Growing with Cloudways Today.
Our Clients Love us because we never compromise on these
Hafsa Tahir
Hafsa is a content marketer who has been in the organic growth space for the past three years. With her background in Psychology and UX, she enjoys reading users' minds and is keen to try the most creative product marketing angles. Her copies scream: "you're not just a paycheck to us". Loves to crack unfunny jokes, pay gym fee and not go, and write psychologically disturbing short stories for some reason.
