Too Much Information
In this research, Digital Shadows assessed the sensitive data exposed from some of the most ubiquitous file sharing services across the Internet. We found over twelve petabytes of publicly available data across open Amazon S3 buckets, rsync, SMB, FTP servers, misconfigured websites, and NAS drives. Here are some of the key findings:
• The amount of exposed data is staggering. Over twelve petabytes of data is exposed (12,000 terabytes). For context, this is over four thousand times larger than the “Panama Papers” leak (2.6 terabytes).
• This is a global problem, but the United States takes the gold. While the majority of countries are affected (>95%), the United States experienced the most exposure with 239,607,590 files.
• Amazon S3 buckets get the glory, but aren’t the full story. S3 buckets only account for 7 percent of exposed data we discovered; older, yet still widely used, technologies – such as SMB (33 percent), rsync (28 percent) and FTP (26 percent) – contributed the most exposure.
• Highly sensitive information is a major cause for concern. It’s not just the volume but the sensitivity of the data that is a major cause for concern. There were a number of instances of high severity exposure of personal information, intellectual property, and security assessments.
• Out of sight, out of mind, and out of pocket. With GDPR fast-approaching, there are clear regulatory concerns for organizations surrounding the protection of personal data. Loss of intellectual property also has considerable financial and reputational impacts.
• We need a better way to backup work files. Third parties and contractors were among the most common sources of sensitive data exposure. Therefore, make sure you take care in backing up your work data. Organizations can also play their part by providing backup solutions to users and educating contractors and consultants about the risks of copying and archiving up work files at home.