News

2018 Ends with One More AWS Exposed Data Mishap

• By David Ramel
• 01/07/2019

As if to highlight the continuing dangers of misconfigured Amazon cloud data stores, 2018 closed out with the announcement of one more mishap on New Year's Eve.

For the past couple of years, the Amazon Web Services Inc. (AWS) cloud platform has been plagued by a series of reports of potential data breaches and exposed data stores. One thing most reports have in common is that the private data was left open not through any inherent platform flaws, but rather through misconfiguration the part of users.

Despite endless publicity and much precautionary guidance from AWS and industry security experts, it happened again, as Abine Inc., which describes itself as an online privacy company, announced on Dec. 31. This mishap concerned a data store containing information on customers using the company's Blur security offering.

"On Thursday, December 13th 2018, we became aware that some information about Blur users had been potentially exposed and immediately began working to ensure our systems and data were secure, to determine what happened, and to inform and help our users," the company's New Year's Eve post says. "We have also retained a leading security firm to assist us and have notified law enforcement officials."

The "potential" exposure of user data put information such as email addresses, IP addresses, encrypted passwords at risk, though there's no proof that actually happened.

"Importantly, there is no evidence that our users' most critical data has been exposed, and we believe it is secure," Abine said in the post that also includes guidance on changing passwords and other security precautions.