Over the weekend, researchers from Comparitech discovered a large database containing millions of records about European customers that had been left unsecured on Amazon Web Services (AWS). A total of eight million records that belong to companies including Amazon, eBay, Shopify, PayPal, and Stripe were found in the database. According to the report, the database is held by an undisclosed third-party company that handles cross-border Value-Added Tax (VAT) analysis. Many organizations use third-party companies to handle tasks that they do not specialize in themselves.
Organizations that use third-party services should have policies in place that direct how the service provider handles their business interests, including proper security practices. Regular penetration testing should be conducted to identify areas where security is weak, and the recommended remediations should then be implemented. Service providers should implement proactive security monitoring programs with internal teams or make use of a Managed Security Service Provider (MSSP) to detect security incidents and quickly respond to contain and mitigate any breaches. Binary Defense provides security monitoring, detection and response services 24 hours a day, 7 days a week to protect clients from attacks.
To read more: https://nakedsecurity.sophos.com/2020/03/12/data-of-millions-of-ebay-and-amazon-shoppers-exposed/