back to article The strange case of the data breach that stayed online for a month

A couple of weeks ago Jeff* quit his job at the Singaporean branch of a major enterprise technology vendor that is, if not quite a household name, certainly known to most IT professionals. Not long afterwards he Googled his old work employee ID number and was unpleasantly surprised to see the first result was a link to a …

"a test and development server had been exposed to the internet."

Live customer data should never go anywhere near a test or dev box. Those boxes should also never be able to touch the outside world like this, sounds like a lot more than a single server being misconfigured to me.

31
1
Silver badge

Agree

The very least you can do is switch the names and surnames randomly, and also randomly change id and bank account numbers (in this case, change numbers, not switch). You should never user the real address of anyone.

That would be as good for testing, and no risk.

8
0
Silver badge

Surprised he didn't email a copy of the spreadsheet to his ex-colleagues and wait for the shit storm to hit the company over it's pay structure.

29
0
Silver badge

"Surprised he didn't email a copy of the spreadsheet to his ex-colleagues and wait for the shit storm to hit the company over it's pay structure."

Indeed. Personal data being exposed on the internet hardly counts as news these days; you need at least a few billion records involved for anyone to take any notice at all. A large multinational company having huge disparity in pay based on gender and nationality is... OK, that's not really news either. But yeah, I guess at least the people involved would appreciate knowing about it.

7
0
Holmes

Ransomware which sets up LAMP servers?

I can't fathom how spreadsheets from someone's workstation drive ended up in a public-accessible web folder on a server. Unless the company used a central server and web interfaces for it's document storage? Or perhaps the visible documents were placed there by extortionists to prove that they'd hacked their network and were rummaging around... ?

4
0
Anonymous Coward

Re: Ransomware which sets up LAMP servers?

You'd be surprised. If you're using Google cloud its surprising easy to publish to the world and his dog rather than your company's bit of the cloud.........

2
0
Anonymous Coward

Re: Ransomware which sets up LAMP servers?

Well, that's what happens when you use Vista as an IIS test server....

5
0
Terminator

Wayback

Google is not the only entity that caches what is out there and makes it available to anyone ...

7
1
Silver badge

The multinational company declined to name the source of the breach, told us staff were confident the breach wasn't its fault and hinted that a third party was to blame.

So you wash your hands of the problem by saying not us, fantastic attitude to have.

The data was given to you and the third party acts on your behalf so it is your responsibility.

the Singaporean service provider told us the cause was a ransomware infection that reset the server's security configuration. During the effort to repair the server, staff realised it was now in an insecure state, fixed that and tried to ensure the data was not accessible from the public Web.

A ransomware infection on a server and you left that server connected to the internet while removing the infection. Then left it on the internet while you secured it again?!? WOW seriously?

7
1

Not making the situation worse is OK in my book. There is no reason to give specific information when doing so increases the likelihood of further harm. The people who are at risk for having their PII exposed deserve better than their company gave them & there is no need for Reg to make things worse.

Name and shame the company after the data has been secured.

3
0
Silver badge

"Nor have we used the names of the companies involved"

So he didn't find it on Google? Maybe it was Bing.

0
2
Silver badge
Alert

Appropriate punishment

Don't they still cane people in Singapore?

4
0
G2
Facepalm

ElReg cache flush

"We therefore asked Google if it offers service levels for requests to flush its cache. The company told us it wouldn't comment on an individual case [...] Neither really explains how it would respond to a request to remove data from its cache."

well, D'OH... you basically asked if water is wet.

https://www.google.com/webmasters/tools/

go to the link where they told you to go, you have to verify ownership of the site and then you can dig in settings to flush cache and pretty much nuke everything related to that site's presence on Google.

Bing and the other major search engines have similar options, so it's a bit of a whack-a-mole to do that with various search engine caches.

The site owner can also add a robots.txt to the website with:

User-agent: *

Disallow: /

2
0
Thumb Up

On a Wednesday?

This story has something of a whiff of one of Reg's Friday columns, starting from "Jeff" (nice way to anonymise Geoff). Are you angling for another regular-anecdote slot?

0
0
Anonymous Coward

SSSSHHHH!

This is how I get torrents.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018