In what has become a frequent event, another company has fallen victim to exposing their sensitive company information to the entire internet, all because they failed to password-protect their web-based storage system. LimeLeads, a San Francisco-based company that matches individuals and businesses with potential leads, left its internal database of users unsecured. The LimeLeads overexposure was discovered by a hacker, who downloaded it and sold more than 49 million of the users’ information online.
This type of overexposure continues to happen because many of the systems that offer cloud-based or web-based storage to their customers have the password setting off by default. That might seem like a bad idea, given how many times in recent months this very scenario has happened. However, there are important reasons for not automatically locking everyone out of the system, especially when the company is transitioning to this service. As soon as the transition is underway, that default setting should be changed immediately to a password-protected setting.
Instead, too many companies leave it unprotected, never changing the default, which is what led to the LimeLeads overexposure. That means literally anyone who knows to look for it—or just gets curious and starts browsing around online—can find both the storage bucket and the contents. In this case, a security researcher who routinely looks for unsecured databases discovered it. Unfortunately, they did not discover it before someone else got to it first.
According to ZDNet, a hacker who goes by the name Omnichorus also stumbled upon the database. They then downloaded the contents and posted it for sale on the Dark Web. In many other events like the LimeLeads overexposure, the companies were lucky. They never found evidence that anyone else (before the security researcher who reported it) found or used the information.
Unfortunately, any time personal data is collected and stored, it is the responsibility of the new owner to keep it secure. The LimeLeads overexposure amounts to a data breach, despite the unintentional nature of the event, and those users’ records have now been compromised. Businesses must make comprehensive computer training and updates a priority in order to prevent issues like the LimeLeads overexposure.
If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live-chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.
For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.
You might also like…