Cloud Storage Error at Dow Jones Exposes Customers
In another glaring incident of cloud security problems, contact information of more than 2.2 million customers of Dow Jones & Co, including many subscribers of Wall Street Journal were exposed. This exposure is believed to be due to a configuration error on a cloud storage.
Yet again, this incident has happened on one of Amazon’s cloud servers. We recently reported another such outage on Amazon’s S3 storage. Such a continuing trend could be a spot of bother for Amazon’s customers who rely on its service for their data security and reliability.
The exposed data include names, email addresses, home addresses, the last four digits of credit card numbers, telephone numbers and internal account numbers. A spokesperson from Dow Jones has said that these are all just basic information and nothing sensitive like credit card numbers and bank account details have been lost.
But is this not bad enough?
Why should strangers know a person’s name, address or email address? It can lead to a possible security threat, both on the digital and physical world. There’s a specific reason why we safeguard our personal details and the last thing we want is a service to expose them to the world.
While Dow Jones may think it’s trivial, it’s really not because malicious actors can come up with different ways to phish money from unsuspecting customers. For example, a malicious actor could send an official looking mail from The Wall Street Journal that the subscription is up for renewal and can redirect them to a phony website to collect their credit card or bank account details.
Of course, a consolation here is that it was exposed “only on Amazon’s internal network” and not on the Internet, according to the spokesperson. Again, is this not bad? Regardless of where it was exposed, this shouldn’t have happened because when we sign up for a service, we take it for granted that our information will be safe and will not be shared with unauthorized people. But apparently, that’s not the case anymore and we may have to take measures to protect our data instead of believing that other companies would do it for us.
That’s not all. Dow Jones & Co keeps a list of high-risk individuals and organizations to help them comply with statutory regulations pertaining to corruption, bribery and more. This data was also exposed, which means, more private information was available for free preview.
If you’re wondering how this happened, an employee at Amazon had configured this storage incorrectly and this means, anyone with an AWS account can view the records stored in this server. This is the second time in two weeks that a breach is happening at Amazon due to an employee’s negligence.
This breach was reported by UpGuard, a cybersecurity firm. Coincidentally, it was the same firm that reported the breach about Verizon too.
Such incidents once again make us question about cloud security and whether we really have a fool-proof system to keep our data safe and secure.