1.5 bn sensitive documents on open internet: researchers

April 5, 2018
Researchers say that vast amounts of sensitive files on the open internet make it easier for hackers and others to steal data

Some 1.5 billion sensitive online files, from pay stubs to medical scans to patent applications, are visible on the open internet, security researchers said Thursday.

Researchers from the cybersecurity firm Digital Shadows said a scanning tool used in the first three months of 2018 found mountains of data online from people and companies across the world.

The unprotected data amounted to some 12 petabytes, or four thousand times larger than the "Panama Papers" document trove which exposed potential corruption in dozens of countries.

"These are files that are freely available" to anyone with minimal technical knowledge, said Rick Holland, a vice president at Digital Shadows.

Holland told AFP his team scanned the web and found unsecured files, adding "we didn't authenticate to anything."

The availability of open data makes it easier for hackers, nation-states or rival companies to steal data, Holland said.

"It makes attackers' jobs much easier. It shortens the reconnaissance phase," he added.

The researchers said in the report that even amid growing concerns about hackers attacking sensitive data, "we aren't focusing on our external digital footprints and the data that is already publicly available via misconfigured cloud storage, file exchange protocols, and file sharing services."

A significant amount of the data left open was from payroll and tax return files, which accounted for 700,000 and 60,000 files respectively, Digital Shadows said.

It noted medical files and lists were also weakly protected, with some 2.2 million body scans open to inspection.

Many corporate secrets were also out in the open including designs, patent summaries and details of yet-to-be-released products.

"While organizations may consider insiders, network intrusions and phishing campaigns as sources of corporate espionage, these findings demonstrate that there is already a large amount of sensitive data publicly available," the report said.

The researchers said about 36 percent of the files were located in the European Union. The United States had the largest amount for a single country at 16 percent, but exposed files were also seen around the world including in Asia and the Middle East.

About seven percent of the data was in "misconfigured" Amazon cloud computing storage. Holland said the main problem was not in the cloud computing itself but how users manage their data.

In some cases, users "are backing up their data to the (open) web without knowing it," Holland said.

The majority of the files found by Digital Shadows were exposed by poor security practices in servers and file-sharing protocols.

"Third parties and contractors were among the most common sources of exposure," the report said.


1 comment


Bart_A
5 / 5 (2) Apr 06, 2018
A lot of these are on shady Chinese websites. I know because I have searched for competitors' information before, and those websites came up.
