2.3B Files Exposed in a Year: A New Record for Misconfigs

Amazon S3 cloud bucket misconfigurations however have dropped dramatically.
The last 12 months has seen the exposure of a record 2.3 billion files across cloud databases and online shares, according to an analysis released on Thursday. A report from Digital Shadows’ Photon Research Team, Too Much Information: The Sequel, assessed the scale of inadvertent global data exposure. The 2.3 billion number represents an increase of more than 750 million files since 2018 – a more than a 50 percent annual increase. The team’s research revealed that about half of the customer data, (1.071 billion files, including personal demographic information,
passport scans and bank statements, job applications, personal photos, credentials for business networks and more) was exposed via the Server Message Block (SMB) protocol – a technology for sharing files first designed in 1983.Other misconfigured technologies included FTP services (20 percent of the total), rsync (16 percent), Amazon S3 buckets (8 percent) and network attached storage (NAS) devices (3 percent).The exposure – including 326 million records from the U.S., 121 million from Germany and 98 million from the UK, – puts many companies at significant risk, according to the report. For instance, countries within the European Union are collectively exposing over one billion files – nearly 50 percent of the total globally (and some 262 million more than last year),
There’s a mobile dimension to this as well, given that many of the exposed databases have been tied to mobile apps. In this scenario, like all third-party data-handlers, the responsibility falls on those who are tasked with securing the data.
“It’s unreasonable to think that everyday users of mobile apps are going to have the knowledge of or capability to monitor for their exposures of data,” Van Riper explained. “Data handlers need to be the responsible parties and secure the data that consumers entrust to them.”

يرجى تحديد مربع captcha للمتابعة إلى صفحة الوجهة.

Please check the captcha box to proceed to the destination page.