Companies (and the employees at them) need to stop posting private company information on the Internet. And they really need to stop posting private information in public spots with no password. Just last week yet another company was found to be doing something stupid. In this case, they had tons of information posted to an S3 bucket, and there was no password on the S3 bucket. In this S3 bucket, they had backups from systems, OneDrive backups from employees, credentials for customer environments, keys for their production environments, etc.
“System credentials can be found in a number of places in the Attunity data set and serve as a useful reminder of how that information might be stored in many places across an organization’s digital assets,” UpGuard researchers said in a report published yesterday.
This information should have never been posted to a publicly accessible location, much less one without a password. There’s no good reason why things like system credentials would be posted online.
As IT workers, we have to do better than this. We just have to. There are too many people out there who would do bad things with this information if they got their hands on it.
Do I have a solution? No, I don’t. But this really isn’t a problem that needs a technical solution. Whoever did this simply shouldn’t have done it. There is no excuse for exposing anything, much less this much information.
Denny
The post For the Love of God, Stop Exposing Company Information appeared first on SQL Server with Mr. Denny.