Some are hobbyists. Some are professionals. Some like the thrill. Some are trying to get new business. The good news? All of them want your data to be protected.
According to a recently published story on CNET a loose collective of unsecured database hunters spends their time trying to find sensitive data that was mistakenly left public. Once found the database owners are notified so that they can secure the data and notify the affected individuals of the possible breach.
“The data-hunting community is both eclectic and global. Some of its members are professional security experts, others are hobbyists. Some are advanced programmers, others can’t write a line of code. They’re in Ukraine, Israel, Australia, the US and just about any country you name. They share a common purpose: spurring database owners to lock down your info.”
Hitting the Jackpot
Thanks to the efforts of these white-hat treasure seekers unsecured databases are being found and secured virtually every day. Notable examples of their jackpot discoveries include databases containing the details of 80 million US households, 540 million Facebook users, and patients at a recovery addiction treatment center.
And yet, there are some (many?) database owners who either don’t care, are unwilling or are seemingly unable to secure their databases even after being notified multiple times. And this “hobby” of finding unsecured databases isn’t new. I came across a particularly troubling story from January 10, 2017 of a plastic surgery center and spa whose medical records including nude photos labeled with patient names were found out in the wild. The practice was contacted multiple times through multiple channels and only a truly serendipitous phone call finally got the job done. Read about it here.
Are your Databases Secure?
Would you like to find out? If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.
The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.