

Further investigation revealed three independent but severe policy breaches: 1.) The backup was stored in plain format where all backups should have been encrypted; 2.) The affected repository was provisioned as a code repository and never intended to store data; 3.) The affected repository was intended for private use within the organization and never intended to be publicly available. “Allegedly this backup was created as a safety measure ahead of performed maintenance work.”

“Our analysis has revealed that the data consists of a database backup that was created in 2017 and mistakenly stored in a cloud storage repository provided within the cloud hosting environment,” Zach told us. He said internal analysis of available logs has found no unauthorized access besides UpGuard’s access of the data, adding that TVSmiles has yet to notify users of the incident - but is planning a communication to users within its mobile app and a blog post on its website. Reached for comment on the incident today, Zach confirmed UpGuard’s report and also confirmed that the exposed repository had been accidentally left unsecured for years. TVSmiles co-founder, Gaylord Zach, added in this email to UpGuard that it would “further investigate the contents of the exposed data to take further actions”.
