Across the globe there are more than 3.5 billion people who use social media in some capacity. Whether it’s posting life events to Facebook, networking on LinkedIn, or uploading selfies on Instagram, the average person spends at least 3 hours of their day on social media. When users join these platforms, they give their names, ages, phone numbers, emails, and sometimes even addresses with the expectation that their information will be protected. Unfortunately, that expectation is not alway met.
According to ThreatPost, SocialArks, a Chinese startup, exposed the data of 214 million social media users due to a misconfigured ElasticSearch database. The database was left open and unprotected leaking over 318 million records. These records included names, phone numbers, emails, and pictures from users on Facebook, Instagram, and LinkedIn that SocialArks had scraped for their database. All three platforms prohibit scraping in their terms and conditions so how SocialArks acquired some of the sensitive data remains to be unknown. SocialArks is familiar with this kind of thing as they suffered a similar breach in August that exposed 150 million users. Breaches, like the one SocialArks faced, are generally attributed to companies not making adequate and appropriate investments into cloud security. Leaving databases open and unprotected invites anyone to come in and access the information. Cloud misconfigurations remain the number one source of cloud data breaches.
Most developers and engineers aren’t trained on security, so misconfigurations leading to exposed data and breaches will continue to happen until these companies start making adequate and appropriate investments into cloud security. Leaving databases open and unprotected invites anyone to come in and access the information, turning the headlines away from the company’s innovative efforts, and instead focusing them on their latest data breach.
DivvyCloud by Rapid7 protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges. With automated, real-time remediation, DivvyCloud by Rapid7 customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology.