socialise
like us on facebook
tweet
follow us on twitter
business
find us on linkedin

call us

+ 020 8939 8484

Cloud Configuration Error Exposes 260,000+ Actors

15/07/2020 in Security

I consent to Evolve using my details for marketing purposes and agree with the Privacy Policy.

[optin-monster-shortcode id="apxffoozgs0inxhededf"]

More than 260,000 actors have had their personal data exposed thanks to yet another misconfigured cloud server.

Researchers at SafetyDetectives led by Anurag Sen discovered the unprotected Elasticsearch server, which contained 1GB of data, amounting to 9.5 million records.

It apparently belonged to New Orleans-based casting agency MyCastingFile.com, which has recruited actors for Terminator movies, TV show True Detective and other productions.

The “talent profiles” found in the trove included full names, residential and email addresses, phone numbers, dates of birth, height and weight, photographs and vehicle information.

In total, over 260,000 members had their data exposed in this way, including potentially actors under the age of 18, according to SafetyDetectives.

It warned that the leaked email addresses and personal data could be used to send convincing phishing emails impersonating MyCastingFile, in order to trick users into clicking through on malware downloads.

“Photographs provided by users can be harnessed to conduct scams involving facial recognition such as identity fraud, as well as being used to create multiple illegitimate profiles, to carry out what’s known as ‘catfishing’ — the act of luring someone into a relationship by means of a fictional online persona,” it added.

It’s believed the database was exposed since May 31 2020, but the researchers said the issue was fixed following their disclosure.

Pravin Kothari, founder and CEO of cloud security vendor CipherCloud, argued that avoiding misconfigurations in the cloud is increasingly challenging.

“These issues most frequently revolve around a lack of visibility into faulty controls, not a lack of effort,” he added.

“Perhaps the biggest hurdle, even greater than monitoring for risky configurations, as in this case, relates to better management of cloud data itself. We find that organizations are moving so fast to embrace cloud apps and infrastructure that they cannot maintain visibility into all the issues of data protection and access required to prevent subsequent breaches.”

What Now?

We’re Evolve, and we’re here to guide your business’ digital transformation.  With a wealth of experience deploying solutions and managing IT for various firms we are uniquely placed to help your business overcome the challenges posed by the current crisis and look optimistically to the future. 

You can contact me on LinkedIn @davidatevolve, by telephone 020 8939 8481 or on our Contact Us page

News Source: https://www.infosecurity-magazine.com/

Worried about how well your IT supplier is protecting your system?
Download ‘7 Security Questions to Ask Your IT Supplier’