A non-profit organization aiming to make the internet resilient, open, and free to all had member data exposed. The Internet Society (ISOC) says data belonging to its nearly 80,000 members was viewable publicly on an unprotected Microsoft Azure cloud repository for an unknown amount of time. Millions of JSON files were left vulnerable, and within those files were full names, email and mailing addresses, and login details of ISOC members. ISOC was made aware of the public repository after it was reported by security researchers at Clario, with the help of independent researcher Bob Diachenko, on December 8th. They were able to secure it shortly after on December 15th. A portion of a statement from an ISOC representative read “We discovered our association management system was configured incorrectly by a vendor. This did result in member data being publicly accessible, but we have now resolved this issue.” At this point, no instances of misuse of the data have been seen, but that could change.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is