Veeam holds its hands up, admits database leak was plain 'complacency'

Veeam has blamed "human error" for the exposure of a marketing database containing millions of names and email addresses. The unencrypted MongoDB resource was left open for anyone to view after a migration between different AWS systems, Peter McKay, co-CEO and president at Veeam, told The Register. The resource – which wasn't …

Bronze badge
Trollface

Refreshing

Finally, a response that amounts to more than the nauseating cliche: "we take blah, blah, blah seriously"!

7
0
Silver badge

Like the open and seemingly honest approaches - first, they clearly took seriously, and listened to, the guy who reported the problem and took swift action. Secondly they have put up their hands and admitted it was simple human error.

Never great it happens but... Kudos for the way they've responded.

8
0
Silver badge

.. although still very embarrassing considering their industry sector

2
1
Silver badge

"whether or not Veeam might decide to migrate away from the NoSQL vendor is a tactical question for its techies."

It might be a strategic question for them. Having all this data swinging in the breeze sounds more likely a tactical question for their marketroids.

0
0

Normalization?

4.5 million unique records, many of which were replicated multiple times.

sounds like a crappy database anyway.

0
1
Silver badge

Excellent

I have much greater trust in companies (and people) who understand, admit, and correct their error than in companies (and people) who pretend that there was no error or that it wasn't their fault.

That's a very good look, Veeam.

3
0
Silver badge
Thumb Up

Mr. McKay's personal letter to me

We're good Peter... thanks for coming clean.

Dear Veeam community member,

Veeam is committed to maintaining the privacy and security of your personal information. For this reason, I am writing to personally notify you about a recent incident affecting one of our marketing databases. Because we value the importance of your privacy and information security, we are treating this matter very seriously.

What happened?

We recently became aware that one of our marketing databases, which was not easily discoverable, may have been accessible to unauthorized third parties for a limited time due to human error. As soon as we validated the issue, we quickly secured that database. Once secured, we launched a full investigation into the scope of the incident, and took corrective measures to reduce the risk of future such incidents.

What information was involved?

The exposed database contained non-sensitive marketing records, such as name and email address, and in some instances IP addresses. It is possible that this information was visible to an outside third party for a limited time.

What actions were taken?

Veeam takes the privacy and security of your personal information seriously. As soon as we validated the incident, we moved quickly to ensure the database was properly secured and to limit any further exposure. We are now actively investigating the matter to ensure that it does not happen again. As a company, we value honesty and openness, which is why I wanted to personally assure you that steps have been taken to prevent a similar issue from occurring in the future. We sincerely apologize for any stress or inconvenience this issue may have caused for you.

Please direct any questions to privacy@veeam.com. In addition, please use only your Veeam account page to adjust your contact information. Veeam will NOT ask you to update your information by email.

Thank you for being a valued business partner to Veeam.

Peter McKay

President and Co-CEO

Veeam

1
0
MAH

We recently became aware that one of our marketing databases, which was not easily discoverable,

that's a bit of a fib since anyone can access shodan, but pretty good otherwise...

0
0
Silver badge

>that's a bit of a fib since anyone can access shodan

and the search terms and criteria needed to return a results set with this specific database either on the first page or in the first couple of results pages?

0
0
Silver badge
Black Helicopters

A VERY interesting issue

Was mentioned that I've been thinking about for quite a while with all the reported leaks - including some important ones like credit agencies or OPM.

They never mention if the hacker modified the database, which as this article points out, is not hard at all if you have access - you needn't be so crass as to just delete the whole thing for ransom.

What if you had some other agenda - some version of "deep fakery" in mind. Screw up someone's credit rating or security clearance in a way that would be near impossible for them to dispute. Or, perhaps better - GIVE yourself a good rating in credit or security and pass yourself off as someone worth of tons of money or access to secrets.

It's interesting to me how silent the authorities are on this one...I didn't know there were that many crickets on the planet. It has to be a concern, else every security person having anything whatever to do with those outfits should be fired or maybe even tried in court.

0
0

He Gawn

PMac has now left Veeam - no el reg article on this yet?

0
0
(Written by Reg staff) Silver badge

Re: He Gawn

It's on our sister site, Blocks and Files:

https://blocksandfiles.com/2018/10/30/veeam-co-ceo-and-president-peter-mckay-off-to-new-endeavours/

C.

0
0


Biting the hand that feeds IT © 1998–2018