The French retail consultancy Aliznet has exposed data on millions of its clients’ customers as well as sensitive business information, after researchers discovered an unsecured Elasticsearch database.
Aliznet specialises in digital transformation, with names including tech giants IBM, Oracle and Salesforce, retail leaders like Auchan, and big brands including Yves Rocher and Lacoste as its clients.
Bitglass CTO Anurag Kahol comments: “It does not take much effort for outsiders to find unsecured databases and access sensitive information. There are now tools designed to detect abusable misconfigurations within IT assets like ElasticSearch databases.
“Because of these tools, and the continued carelessness of companies when it comes to cybersecurity, abusing misconfigurations has grown in popularity as an attack vector across all industries.”
Kahol warns: “Such vulnerabilities can pose major threats to data security, data subject wellbeing, regulatory compliance and brand reputation. Even companies with limited IT resources must take full responsibility for securing user data – there is no excuse for negligent security practices such as leaving databases exposed.
“As such, they must turn to flexible, cost-effective solutions that can prevent data leakage; for example, cloud access security brokers (CASBs) that boast features like cloud security posture management (CSPM), data loss prevention (DLP), user and entity behaviour analytics (UEBA), and encryption of data at rest. It is only with these types of capabilities that an enterprise can be certain that its data is truly safe.”