The basic security settings and permissions of a database are extremely critical to have established before anything is stored within, or minimally before the database goes online. Unfortunately, many breaches have continued to occur as a result of organizations neglecting these types of basics. Whether it be permissions that allow too much access or omitted password protection, these simple slip-ups can result in huge exposures of confidential or personal data. We have written about several different cases of this happening in our past blog posts, but the most recent incident of this is probably one of the worst. This new breach involved a database of a Republican analytics firm, and it resulted in the exposure of information about almost every registered voter in the United States.
How the Database was Discovered
According to Chris Vickery of Mackeeper, he had discovered an Amazon database that was left without a password or any other sort of protection for 12 days. This basically means that anyone that had access to the internet and happened upon the database could have downloaded the entire cache of information. Vickery had found a spreadsheet within this database that covered about 200 million Americans, and it included data such as their identities, political views, and voting histories. The information regarding political views included stances on abortion, environmental issues, and gun control. The database had belonged to Data Root Analytics, and included information culled from various sources like government records, political group polling, and social media. It is unclear whether the database had been accessed by anyone other than Vickery, but if this was the case, it could be disastrous. Vickery had said, “With this data, you can target neighborhoods, individuals, people of all sorts of persuasions.” He further stated, “I could give you the home address of every person the RNC believes voted for Trump.”
Deep Root founder Alex Lundry had said in a statement that they take full responsibility for the incident, and have since fixed the settings and secured the database. Unfortunately, he said that the information included not only publicly available voter data, but also proprietary information. The data totaled up to over 1000GB, which according to Vickery, is more than four times that of any similar breach.
This incident is yet another example of plain negligence in the realm of cyber security. Establishing proper settings, protocols, and access restrictions are some of the most basic steps when it comes to storing any type of information. Somehow allowing a database containing valuable information like this to be accessible online for all that stumble upon it is lackadaisical, and there is truly no excuse for it.
Proactive Defense to Prevent Cyber Attacks
Aside from the basic settings and policies, there is much more to security to be able to prevent cyber attacks. Threats in the modern landscape have become extremely clever and adept at being able to circumvent basic security measures to breach systems and networks. In the modern age, it requires proactive security for an organization to be able to properly protect themselves. Threats and attackers need to be predicted and prevented beforehand as much as possible, as this allows organizations to thwart them before they even have a chance to attack. Massive Alliance offers a wide range of security services that can help an organization fortify their security to better prevent cyber attacks.