Cyber security firm FlashStart, along with IT security researcher Anurag Sen, have confirmed India’s largest trucking company, FR8, has been exposing data through an unsecured server. Anurag Sen discovered the leak while attempting to find misconfigured cloud databases. After the discovery, Sen and FlashStart attempted to reach out to FR8, but the only accessible email address was bouncing any incoming emails, so at the time of writing, the server is still active, and information is still exposed. In total, over 140 GB of data is available to the public, including information like customer records, invoices, payment details, names, addresses, and contact numbers of both customers and employees. Server configuration issues have been a growing issue for businesses all over the world and threat actors will continue to take advantage of them unless the proper precautions are made.
Some recommendations to consider when attempting to protect sensitive data in a cloud infrastructure include:
• Secure access to the cloud.
• Manage user access privileges.
• Provide visibility with employee monitoring.
• Monitor privileged users.
• Educate employees against phishing.
• Ensure you meet IT compliance requirements.
• Efficiently respond to security incidents.