Cloud security broker issues advice after new data breach

Cloud access security broker Bitglass has reinforced previous warnings about data security after reports that online dating app Heyyo left a server exposed on the Internet without a password.

The breach is said to have exposed personal details, images, location data, phone numbers and dating preferences for nearly 72,000 users, possibly the app’s entire userbase.

Bitglass CTO Anurag Kahol said: “It does not take much effort for outsiders to find unsecured databases and access sensitive information. In fact, there are now tools designed to detect abusable misconfigurations within IT assets like the ElasticSearch database used by Heyyo.”

Kahol said that because of these tools, and the continued carelessness of companies, abusing misconfigurations has grown in popularity as an attack vector across all industries. Such vulnerabilities can pose major threats to data security, data subject wellbeing, regulatory compliance, and brand reputation.

He added: “Even companies with limited IT resources must take full responsibility for securing user data – there is no excuse for negligent security practices such as leaving databases exposed.

“As such, they must turn to flexible, cost-effective solutions that can prevent data leakage. For example, cloud access security brokers (CASBs) that boast features like cloud security posture management (CSPM), data loss prevention (DLP), user and entity behaviour analytics (UEBA), and encryption of data at rest.

“It is only with these types of capabilities that an enterprise can be certain that its data is truly safe.”